Fake Website: What is Spoofing?

Spoofing - Phishing Emails and Fake Websites

By now, chances are you’ve heard the preaching about how important it is to have good, strong passwords – and how your passwords should contain at least twelve digits and be peppered with special characters whenever possible.  You’ve also probably heard you should have a different password for each and every account or website you frequent. And let’s just assume you’re heeding that advice.

Regardless of how long, strong, or clever your passwords may be, none of that matters if you share your passwords with the wrong person.  So it goes without saying that you wouldn’t willingly or knowingly give your password to just anybody. In fact, as wise as you are, you probably wouldn’t share any of your passwords with someone else. However, in spite of your prudent intentions, you might do just that if you’re not extremely careful.

With today’s sophisticated “phishing” and “spoofing” tactics, you could easily be duped into providing your login credentials for a website by typing your user ID and password into what you think is the real website, but in actuality, it’s a very convincing fake.  These lookalike or “spoof” websites appear to be the real thing, so much so that you could easily be lulled into providing your username and password without batting an eye.

It’s important to understand how and why you might end up on a fake website in the first place. Often it starts with a phishing email message you receive.  The email is fake and comes from an online scam artist posing as a credible organization that you trust and with which you normally conduct business.  The emails can truly seem authentic, containing believable imitations of the company’s logo.  But because they are contacting you, and through email no less, you should put your “suspicious” shoes on, even if nothing appears amiss.  Here’s what to do if you receive an email likes this:

First, if the message is seems overly suspicious, don’t open it at all – just delete it.

Secondly, assuming you’ve opened the message, take a look at the actual email address of the sender by hovering your mouse over the sender’s name/address, right-click your mouse to display a menu, then left-click on “Properties” to see if the message is really from who it purports to be from.  In other words, if the email says it’s from Chase Freedom, the email address should end in “chase.com.”  (NOTE:  Just because the email passes this test, doesn’t guarantee you’re in the clear.  It’s easy for hackers to spoof a legitimate email address, so don’t rely solely on this check for verification.) 

Spoof emails usually contain links within the body of the message that take you to other websites.  DO NOT click on them!  First, check for fake links.  Move and hover your mouse over the link in the email message and study the URL, which is usually displayed in your system tray at the lower left portion of your screen.  If it looks suspicious, don’t click it.  Spam (phishing) emails are geared to redirect you to a spoofing website where they’ll ask you to enter your personal information.  Never respond to emails asking for your account related information, such as account number, user ID, and/or passwords.  If you want to be sure you’re visiting the authentic website of a particular organization, it’s safest to open a new browser window and type the URL yourself, such as www.chase.com.

If you have clicked on a link and landed on a website, be sure to verify it’s not a spoofing website – even if everything else looks exactly like the real deal.  It’s possible you’ve been redirected to a webpage resembling the login screen for the business in question. BUT WAIT!  Slow down, take a minute, and think.  Spammers (aka “cyber criminals”) hope you don’t hesitate or take the time to think.  In fact, that’s exactly what they’re counting on! They want you to just plow ahead on “auto-pilot” and enter your user name and password when prompted, without thinking twice.  But if you do and the website is not the “Real McCoy”,  they’ve got what they wanted — your information!

To prevent this, anytime you are prompted by a website to enter information specific to you, whether a login, password, account number, or any other piece of information, make sure you verify you are really on the actual website and not a fake one.

  • Study the website URL in the address bar. For example, make sure it is really “twitter.com” and not a deceivingly close “twiter.com”. Close doesn’t cut it.  If it’s not exact, it’s not the site you want.
  • Some fake websites will insert a false address over the actual, evil address, making it appear as though you’re on a legitimate website. Just because a URL contains the name of the business in it, doesn’t mean it’s legitimate.
  • Also, look for a secure lock icon in your browser where it normally would appear, such as immediately to the right of the address bar if you’re using Internet Explorer. Check to be sure it isn’t a fake icon placed somewhere else on the page just to fool you.
  • Look for “https” before any website address (URL) where you’ll be entering personal information. The “s” stands for secure. If you don’t see “https” you’re not on a secure website and you shouldn’t enter any personal information.
  • Never respond to any online forms or popup windows asking you to login, change or update your user ID or passwords, or provide any other sensitive personal information. Only do this if you’ve initiated the visit to the company’s website yourself by typing the URL directly into your browser’s address bar.

Some of the more commonly spoofed organizations for emails and websites include financial and banking institutions like Chase, Citibank, PayPal, social media outlets, escrow service providers, as well as online commerce websites like eBay.

The intent of spamming and spoofing is to trick you into handing your personal information over to online dirtbags.  They are identity thieves, plain and simple, and they’re hoping you’re not paying attention. Make sure you slow down and scrutinize the emails you receive and verify the websites you visit. It will be worth it!

If you're looking for great anti-virus software that won't break the bank, try StopSign. You don't pay extra for tech support for difficult malware, and our web protection software just works. Download & install StopSign to find out why our members choose us over the other options.

Tech-Related Resolutions For 2012

Tech-Related Resolutions For 2012

A new year brings new opportunity for us all to change our old habits for new ones. Take me, for example. I’ve set up a few resolutions for myself that include getting healthier, spending more time with my family, and learning a new programming language. Maybe you want to dedicate more time to a hobby, or finish up that project car that’s been sitting in your driveway since 1998. 🙂

New Year resolutions are kind of a laugh to most people, because we all know that as humans, we’re loathe to change on our own. We all get used to doing things a certain way unless life kicks us in the behind to do something about it. But this year, you and I can make a positive change before something bad happens.

I’ve got 3 super simple things you can do to make the technology-related side of your life better. Each of these will either save your life (seriously), save you from embarrassment &/or identity theft, and save you from the wrath of a loved one for losing important files… like wedding photos, etc. Read on:

  1. Resolve to be safe with technology

    Some of you probably laughed when I said a tech-related resolution could save your life, but this really could: Use your tech and gadgets only when appropriate. I’m looking right at you, car texters. But it goes beyond texting while driving. Stop messing with your GPS devices, using your cell phone without a hands-free device, and even fiddling with your stereo settings while driving. A click here or there to change a station or re-route your GPS is one thing, but I’ve seen a lot of people concentrating more on the gadgets than the road. Don’t be the one who becomes a statistic!

  2. Resolve to change your passwords

    This will be, by far, the easiest and best thing your can accomplish in this resolution list. For every service you use, whether a bank, Facebook, or Amazon.com, change the password. You and I both know that it’s been a while. Maybe not for every login you have, but if you’re like most people then many (or even most) of the services you use haven’t seen a password update since you first signed up.

  3. Resolve to back up your important files

    With services like Dropbox, making backups of important files like your digital photos is easier than ever. And if you’re worried about putting sensitive data in the cloud then do what I did: Buy yourself an external USB hard drive and back them up there. Even if all you did was a straight copy and paste from your desktop or laptop to your external drive, you’d have the peace of mind that your files are safe. I have a friend who lost all of his wedding photos because of a hard disk crash, and let’s just say it wasn’t pretty to hear about the wrath of his lovely wife.

I sincerely hope you take those 3 simple changes to heart. You’ll find that they aren’t tough to do, and you’ll be a lot safer in the long run by doing them. Here’s hoping you and your loved ones enjoy a happy, safe, and technology filled 2012!

If you're looking for great anti-virus software that won't break the bank, try StopSign. You don't pay extra for tech support for difficult malware, and our web protection software just works. Download & install StopSign to find out why our members choose us over the other options.

Securing Your Wireless Network at Home

Securing Your Wireless Network at Home

As wireless devices become more common, keeping your wireless (AKA WiFi) network at home secure is increasingly important to many people. And while a lot of people keep their WiFi open, we feel it’s erring on the side of caution to go ahead and lock down your wireless network at home.

Looking at 2 opposite sides of the wireless security spectrum, you have well-known security expert Bruce Schneier who allows his home WiFi network to be open and unsecure, which sounds all well and good. But then you read stories about neighbors and/or strangers using your “wireless network for criminal activities” like downloading child porn, and it makes you think twice about keeping an unsecure network.

Here are a few tips you can use to help keep your wireless network secure:

  • Change the username & password on your wireless router:

    Keeping the default factory settings of any device opens you up to hackers who keep track of these things and share them among each other. And creating a good, secure password is a quick and easy way to alleviate the risk of easily hacked WiFi gateways.

  • Use wireless network encryption:

    Wireless routers in recent years all have the ability to use the WiFi Protected Access (WPA/WPA2) protocol. Break out the instruction manual or do a Google search for your router, and figure out how to set up WPA. Older WiFi routers may have WEP, or Wired Equivalent Privacy, but it has some security holes that make it vulnerable to attack and isn’t recommended. If your wireless router doesn’t support WPA/WPA2, then we suggest you get a new one.

  • Update your Internet security software:

    Whether you use StopSign or another product, make sure that you keep it updated. Most antivirus/anti-spyware packages have a mechanism to auto-update itself. Turn that on so you’re always sure to get the latest updates. Keeping your Internet security software updated can help prevent any problems if/when an attacker breaks into your WiFi network and starts to poke around.

  • Change the Service Set Identifier:

    Also known as the SSID, this also come with a default name that tips hackers off when they see it. Most people who aren’t computer savvy leave the default, and that can indicate to a hacker that there may be other easily found vulnerabilities with a particular network. Change the SSID to hedge your bets against the hackers.

  • Remove the ability to log in remotely:

    Most wireless routers come with remote log in turned to off by default, but don’t take a chance. Be sure it’s off, and leave it off.

  • Enable MAC address filtering:

    Not to be confused with Macintosh computers, a MAC address is a unique code on all wireless network cards. MAC address filtering tells your router to only allow devices with a known MAC address to connect to your WiFi.

It may seem like a lot to do, but today’s wireless router manufacturers know the dangers associated with an open WiFi network, and most work hard to make changing these things easy on you. Changing defaults, making secure passwords, and keeping updated Internet security software will to a long way in making your home wireless network secure!

If you're looking for great anti-virus software that won't break the bank, try StopSign. You don't pay extra for tech support for difficult malware, and our web protection software just works. Download & install StopSign to find out why our members choose us over the other options.

Internet Privacy and Internet Safety Tips for 2011

Internet Privacy and Internet Safety Tips for 2011

A New Year brings in a lot of new things to everyone… New hopes. New dreams. And yes, sometimes it brings in some new bad things, too. Such is life. But while we can’t help make your favorite sports teams win, and we can’t do anything about that crazy co-worker in the cubicle next to you, but we can give you some tips on how to stay safe online in 2011.

You can bet your bottom dollar that Internet privacy concerns, identity theft, malware distribution, cyber attacks, and a host of other technology-related problems are only going to rise and morph over the course of the year. (They always seem to, don’t they?!) Keep yourself, your family, your information, and your money safe by following the tips below:

  • Change your passwords:

    Yep. All of ’em. I know I mentioned it last year, but if you didn’t change your passwords then, you really should change your passwords right now. The safety and security of the information on your PC is literally a password away from being grabbed and abused by unscrupulous characters on the web.

  • Patch it up:

    You’ve got a computer. You’ve got software. And you’ve probably got patches you can apply to them all. Unpatched machines and software leave holes open that hackers can take advantage of, so patch your PC today. Doing so will not only keep your machine secure, it might make a program or two a bit more peppy or give it a few more features.

  • Desocialize your network:

    Look, I love Twitter, Facebook, an LinkedIn just as much as the next guy or gal, but every now an again you should review and do a little housekeeping on your social networking profiles. Think about it: Do you really need Jake, formerly of accounting, on your friend list now that he’s gone and you only added him because he was a co-worker in the first place? I didn’t think so.

  • Geolocation in moderation:

    Our blog post “Stranger Danger: Geolocation Features and Internet Safety” still stands, in my personal opinion, as one of the most important blog articles written in 2010 from both a personal safety and Internet safety standpoint. If you haven’t seen it, please read our article on geolocation safety tips now, especially if you’re using any of the location-aware features of Twitter, Facebook, FourSquare, or any other service or device.

I sincerely hope these tips help you stay protected. Happy New Year, and I hope you have the best of luck with all of your Internet privacy and Internet security concerns in 2011.

If you're looking for great anti-virus software that won't break the bank, try StopSign. You don't pay extra for tech support for difficult malware, and our web protection software just works. Download & install StopSign to find out why our members choose us over the other options.

8 Character Passwords Are So 2009.

8 Character Passwords Are So 2009.

There’s a really interesting article from Georgia Tech that talks about how the advanced computing power that’s readily available today may actually be making password length an even more important factor for creating a secure password. Using graphics processors, researchers are able to quickly, and cheaply, break 8 character passwords in a matter of hours. From the article:

Georgia Tech researchers are investigating whether this new calculating power might change the security landscape worldwide. They’re concerned that these desktop marvels might soon compromise a critical part of the world’s cyber-security infrastructure — password protection.

We’re big proponents of secure passwords here at StopSign, so this story really spoke to us. It confirms that any password less than 8 characters in length is pretty much useless, and even 8 character passwords are now not exactly cutting edge. The new recommendation for the total number of characters in a password? The article says:

…any password shorter than 12 characters could be vulnerable — if not now, soon

Brute force attacks on passwords that are 12 characters would currently take approximately 17,134 years, while an 11 character password would take around 180 years. It’s amazing what one character difference can make.

As usual, we recommend not only longer passwords, but also that you use a mix of uppercase and lowercase letters, as well as other characters and symbols such as the asterisk (“*“), hash sign (“#“), ampersand (“&“), and the like. Doing so will greatly increase the time it takes to break your password. For more on creating strong passwords, check out our article “12 Tips for Making a Good Password.“.

Image courtesy of Georgia Tech, taken from a screenshot of their website

If you're looking for great anti-virus software that won't break the bank, try StopSign. You don't pay extra for tech support for difficult malware, and our web protection software just works. Download & install StopSign to find out why our members choose us over the other options.

The Most Dangerous Threat to Your (Internet) Security.

The Most Dangerous Threat to Your (Internet) Security.

There’s a threat lurking on your computer right now. A presence so fraught with security holes that to expose it to any malicious element on the Internet would likely result in things such as identity theft, spyware, hacked accounts, and worse. What’s this problem? The problem, my friend, is you.

“Only amateurs attack machines; professionals target people.” Bruce Schneier (computer security expert)

So you’re a danger to yourself and others around you when it comes to Internet security… don’t feel bad. We’re all guilty of it. As humans, we’re notoriously good at being bad: we forget to pick up the milk even though our significant other reminded us, we skip a meal and eat way too much later that night, and we certainly get complacent when it comes to Internet security. And that last thing, that’s what we’re talking about. You can deal with your SO and your doctor on those first two. 🙂

We’ve talked about social engineering before, which is an easy way for hackers and phishers to get information out of you. Instead of breaking into your computer they attempt to break into you, using emails, instant messages, and in some cases even phones or talking to you in real life (both of which are much more rare, but still possible). Once they have gained your trust they begin to break down walls and get at what they really want: your sensitive information. Passwords, account numbers, access codes… anything they can get their hands on that might prove valuable.

In order to stop these people from breaking into your life, you have to train yourself to jog your brain out of complacency when it comes to Internet security. Three of the easiest ways to lock out the bad guys are:

  1. Strong passwords:

    Maybe we’re sounding like a broken record here, but a good password is one of the easiest, and best, deterrents to attacks ranging from account privacy to identity theft. Build yourself a better password.

  2. Trust but verify:

    We’re not suggesting that you live your Internet life in a bubble, just use the same precautions you’d use in the real world. Use some of the tips we wrote in our blog post “5 Simple Tips to Staying Secure Online” and that should cover your bases.

  3. Lock down accounts:

    Your privacy is one of your most important assets online. For every service you use, from your bank to Facebook, make sure that you understand how their security and privacy policies affect you and lock down information such as your physical address and home phone number so that only people you want contacting you can do so.

Reducing the amount of information publicly available about you and keeping up with a few easy Internet security tips will go a long way to keeping you safe… from yourself. 🙂

If you're looking for great anti-virus software that won't break the bank, try StopSign. You don't pay extra for tech support for difficult malware, and our web protection software just works. Download & install StopSign to find out why our members choose us over the other options.