This is your Final Notice of Domain Listing?

Have you gotten one of the notices below?  We get them regularly and they’re not legit.  If you’ve read my other blog posts about spotting email scams and fraud you know there are several ways to spot a scam or bad email.

I’ve said it before and I’ll say it again, and again, and again…. you are your own best protection when it comes to avoiding scams, phishing and keeping your computer and personal information safe. You have to THINK before you click!

First,  check out the email address of the sender:  From: “Domain Services” <domainservicb73@hotmail.com> Hotmail?  Who uses hotmail for business communications!?

This particular notice is worded to be completely confusing.  It starts by calling the service “Domain listing”.  Further along it morphs into a “Domain Service Notice” then it’s a “business Domain name search engine registration” and then it’s “SEARCH SUBMISSIONS”.

There are search engine optimization (SEO) services offered by legitimate companies but they’ll never to send you an invoice before sitting down with you to discuss your company, website and goals.

In short, the email below is trash and should be deleted from your inbox should you get it.   Have a question about an email you’ve received – let me know.

~~~~~~~~~~~~~~~~~~~~~~~~~

From: “Domain Services” <domainservicb73@hotmail.com>
Sent: Wednesday, May 15, 2013 10:20 AM
To: SUPPORT@VIRTUALDENSITY.COM
Subject: Domain Notification: CHRIS F This is your Final Notice of Domain Listing – ADOMAINYOUKNOW.COM

Email fraud and scams are a hot topic here.  We’ve posted several times on the topic offering up helpful hints and examples by the handful.   You can find several examples of email scams in our own Jennifer Morandi’s blogs.

Scams in general and email scams in particular aren’t new, the number and frequency are on the rise.  You can protect yourself and your business by knowing how to identify them.  Here’s five tips to help you spot email frauds or scams.

Look at the email address
One of the easiest ways to spot a fraudulent email or scam is by looking at the email address of the sender. Many credit card application scams use third party email services like Gmail or Yahoo. Some scammers go so far as to set up accounts in the name of the company e.g., AMEX_121@gmail.com.

Sophisticated scammers will actually try to copy the legitimate company’s email account – a practice called spoofing. They will usually have a few changes like a missing letter from the address, or an extra . added.

The easiest thing you can do is look for the sender’s site on the Internet. For example: You get an email from AMEX OPEN (American Express’s small business credit card) and notice that the sender’s email address just doesn’t look right. Go to Google and search for Amex fraud. You’ll likely find the fraud page which tells you exactly how the company sends emails. If the sender is a smaller company, most of these will have email contact addresses right on the site, take a look and compare the two. If they are different, the email is likely a scam.

Look at the sender’s website
If you think an email is fraudulent, look up the website (don’t click on anything in the email!) associated with the email. If you can’t find the site, it’s likely a scam.

If you do find a website, click through some pages to see if there is anything that looks out of place. For example: a website selling a new financial service has pages with Coming Soon or you get errors when you try to load the page. If it looks fishy, it likely is – delete the email.

It would also be a good idea to go to archive.org’s Wayback Machine, copy and paste the website’s URL into the The Wayback Machine Search bar and hit Take me back. This will bring up previous versions of the website. If you see that the site in question was something completely different a few months to a year ago (e.g., it is a financial services page now, but six months ago it was a page selling prescription drugs), chances are high it’s a fraud.

Call them
Many scammers will put phone numbers into emails to make them look more legitimate. If you are unsure about whether this email is legitimate or not, why not try calling the number? Many scammers run more than one fraud operating at the same time and may answer the phone with another name, or not at all.

Look carefully at the body of the message

The body of the email can also be a great way to suss out a potential scam or fraud. Because many fraudulent emails originate outside of the major English speaking countries, there will often be language that just sounds different from the way people write in your area.  If you see mistakes like ‘our product are a great deals’, this should raise a warning flag.

Spelling and grammar errors happen, so don’t expect a perfect email from all companies, especially if you see that the company is located overseas.  But if the email is supposedly coming from within your area and has glaring errors that should get your attention.

The sender asks for money or passwords
It’s common sense when sending out emails you never ask for a person’s credit card number or account passwords. Banks, large companies and many social networks will never ask you for passwords or account information, credit card numbers, pin codes, etc of any kind over email. If you receive an email selling something asks for you to reply with a credit card details so you can make a purchase, it’s a good bet it’s not legit.

Email fraud is a big deal, and unfortunately it will likely become even more common in the near future. This means you should be able to spot potentially fraudulent emails. If you think an email is a scam,  just delete it. Don’t respond or forward it to colleagues or employees. If you need to let people know, write another email that describes the suspected email but has no links. You can also forward a screenshot to your colleagues or friends to illustrate the scam.

Looking for more ways you can protect your company? Contact us 203.987.4566 or sales@virtualdensity.com. We can work with you to develop a security system that will meet your needs.

Chances are high that you already take great steps to ensure that your network and systems are secure from threats. But, do you take the same steps to ensure that your accounts like email, social media, bank and so on are also secure? The weakest link of any account is the password, and that’s exactly where most hackers strike. Is your password secure?

We recently conducted a password audit for a client and found that the majority of the 100+ users had not changed the default password that was assigned to them 2 years ago.  Among those who did, we found one user who used 4 consecutive numbers with 4 consecutive letters, one user who used undisguised profanity, three who use their department name, several who used the organization name and, my favorite, an assistant who’s password is the same his supervisor’s.

If you want to minimize the chances of your password being hacked, here are five things you should NOT do.

1. Don’t pick short passwords

While short passwords are easier to remember, they’re also easier and quicker to hack. The most common way to hack passwords is by using brute force: developing a list of every possible password, then trying this list with a username.

Using a mid-range computer like the one many have on their desk, with a normal Internet connection, you can develop a list of all potential passwords astonishingly quickly. For example it would take 11.9 seconds to generate a list of all possible passwords using five lowercase characters (a,b,c,d,etc.) only. It will take about 2.15 hours to develop a list of all possible passwords using five of any computer character. Once a hacker has the list, they just have to try every potential password with your user name.

On the other hand, a list of all 8 character passwords with at least one special character (!,@,%,etc.) and one capital letter would take this computer 2.14 centuries to develop. In other words, the longer and more complex the password, the harder it will be to hack. That being said, longer passwords aren’t impossible to hack, they just take more time.

2. Don’t use the same password

The way most hackers work is that they assume users have the same password for different accounts. If they get one password, it’s as simple as looking through that account’s information for any related accounts and trying the original password with the other accounts. If one of these happens to be your email where you have banking information, they’ll probably hack that next.

That’s why it’s important to use a different password for every online account. They key here is to try and use a password that’s distinctively different. Don’t just add a number or character onto the end of a word. If you have trouble remembering all of your passwords, try using a password manager.  You can find password managers and reviews on CNET.com.

3. Don’t use words from the dictionary or all numbers

This article published last year on ZDnet highlights the 25 most popular passwords. Notice that more than 15 contain words from the dictionary, and most of the rest are strings of common numbers. To have a secure password, most security experts agree that you should not use words from the dictionary or number combinations that are beside each other (e.g., 1234).

4. Don’t use standard number substitutions

Some users have passwords where they replace letters with a number that looks similar, for example: h31lo (hello). Most new password hacking tools actually have combinations like this built in and will try a normal word, followed by replacing letters with similar numbers. It’s best to avoid this.

5. Don’t use available information as a password

A quick search for your name will probably reveal your email address and social media profiles. If you have pictures of your kids, spouse, pets, family, their dates of birth etc. on your Facebook profile with their names in captions, it’s possible for a hacker to see this (assuming the pictures are shared with the public).

You can bet that they will try these names as your password. You’d be surprised by the amount of personal information on the web. Try searching for yourself using your name and email address and see what information comes up. If your passwords are close to what you find, it would be a good idea to change them immediately.

There have been plenty of important inventions over the last 100 years among those is the computer. Unfortunately, they come with a downside: Destructive malware such as viruses have become a major problem for computer users because viruses have been built up to such mythical proportions that many users simply don’t know fact from fiction.

A virus is a computer program that infects a computer and can generally copy itself and infect other computers. Most viruses aim to cause havoc by either deleting important files or rendering a computer inoperable. Most viruses have to be installed by the user, and usually come hidden as programs, browser plugins, etc.

You may hear the term malware used interchangeably with virus. Malware is short for malicious software and is more of an umbrella term that covers any software that aims to cause harm. A virus is simply a type of malware.

Now that you know more about viruses and malware, here are five common myths about viruses that confuse people, and the truths associated with them.

Myth 1: Error messages = virus 

A common thought many have when their computer shows an error message is that they must have a virus. In truth, bugs in the software, a faulty hard drive, memory or even issues with your virus scanner are more likely the cause. The same goes if your computer crashes, it likely could be because of something other than a virus.

However, if you do see error messages, or your computer crashes while trying to run a program or open a file, you should scan for viruses, just to rule it out.

Myth 2: Computers can infect themselves
It’s not uncommon to have clients bring in their computers  and exclaim that a virus has “magically appeared” on the system all by itself. Despite what some may believe, viruses cannot infect computers by themselves. Users have to physically open an infected program, or visit a site that hosts the virus and download it.

To minimize the chance of being infected you should steer clear of any adult oriented sites – they are often loaded with viruses,. A good rule of thumb is: If the site has illegal or ‘adult’ content, it likely has viruses that can and will infect your system if visited, or if you download anything from there.

Myth 3: Only PCs can get viruses
If you read the news, you probably know that many of the big viruses and malware infect mostly systems running Windows. This has led users to believe that other systems like Apple’s OS X are virus free.

The truth of the matter is: All systems could be infected by a virus, it’s just that the vast majority of them are written to target Windows machines. This is because most business computers run Windows. That being said, there is an increasing number of threats to OS X and Linux, as these systems are becoming more popular. If this trend keeps up, we will see an exponential rise in the number of viruses infecting these systems, too.

Myth 4: If I reinstall Windows and copy all my old files over, I’ll be ok
Some believe that if their system has been infected, they can simply copy their files onto a hard drive, or backup solution, reinstall Windows and then copy their files back and the virus will be gone.

Wiping your hard drive and reinstalling Windows may get rid of any viruses. However, if the virus is in the files you backed up, your computer will be re-infected when you move the files back and open them. The key here is that if your system is infected, you need to scan the files and remove the virus before you put them back onto your system.

Myth 5: Firewalls protect networks from viruses
Windows comes with a firewall built into the OS, and many users have been somewhat misled as to what it actually does, and that firewalls can protect from viruses. That’s actually a half truth. Firewalls are actually for network traffic, their main job is to keep networks and computers connected to the network secure; they don’t scan for viruses.

If a virus is sending data to a computer outside of your network a firewall may pickup this traffic and alert you to it or stop the flow of data altogether. But some of the bigger viruses actually turn off the firewall, rendering your whole network open to malware attacks.

What can I do?
There are many things you can do to minimize the chances of infection. The most important is to install a virus scanner on all of your systems, keep it up to date and run it regularly. And, it’s just as important to be proactive by:

• Not installing programs from sources you don’t know or trust
• Being wary of any program that asks you for your password
• Not installing any browser add-ons or plugins suggested by websites. Instead, download them from the browser’s app store, or the developer’s website.

If you are worried about the security of your systems and network, call us today at 203.987.4566. Our team  can work with you to provide a plan that will meet your needs.

One of the more popular debates about the Internet is: who exactly owns your data and information when it goes online? Most of the information regarding this is held in the Terms of Service, which most people click and agree to without reading. The interesting thing about this is that web oriented companies usually update their policies on regular basis and often introduce changes you may not be aware of. With so many websites, it can be a chore to keep track of all these changes.  Luckily there is an online database that makes this easy.

Since Terms of Service for websites change on a fairly regular basis, it’s hard for us to know if and when such changes have been made, and what exactly has been changed. That’s why a group of lawyers and professionals started Docracy. According to the website, “Docracy is a home for contracts and other legal documents, socially curated by the communities that use them.” The company aims to make legal documents freely available.

Part of this site is the Terms of Service section which is a database of over 1,000 popular websites’ Terms of Service and Privacy policies. It tracks them and notes when changes are made, and highlights these changes so they are easily found.

If you visit the site here, you can see a list of changes that companies have recently made, and clicking on one should give you basic change information. Clicking on See Full Changes will bring up the full doc with the recent changes highlighted.

Selecting See Full Directory will bring up every policy that the website tracks, and allow you to read them.

Is this useful for my business?
Online law is very complicated, and many companies that run websites that you may have accounts with often don’t make it easy for you to find legal contracts or policies. A good example of where Docracy is helpful is if you want to know who exactly owns your content stored on a popular cloud service. You can go to Docracy’s database and quickly find the related Terms of Service. From there you can download the document and look through it, or view it on the site.

Basically this site can help you get a clearer picture on the various contracts you sign with websites, and how these websites plan to use your data. For many business owners, knowing exactly what other companies are going to do with your data can help you find a more secure solution. After all, being prepared with the correct knowledge is half the battle.

If you would like to learn more about Docracy, or how a change to a Terms of Service could affect your business please contact us today.

Imagine you’re at the airport waiting for a flight when you look down only to discover that your laptop is missing. This isn’t a great thought, especially since many of us have important files and programs that we can’t afford to lose. The problem is, if your device has gone missing, and your files aren’t safely synched to the Cloud,  the chances of you recovering it are slim. The good news is that there is a solution that makes it possible for you to track your device.

Prey is an Open Source – free – program that you can install on your computer or mobile device and track it when it’s missing, or been stolen.

How it works
First you have to download the software – from here – onto your computer (Windows, Mac or Linux are supported), and sign up for an account. Then, you’ll have a couple of options: You can either sign up for an account with Prey and access a control panel through the website, or install it as a standalone which is recommended for advanced users as it requires some server configuration.

If you chose to go with the Web option you sign up for an account and install the software then register your main device along with extra ones like an Android, or your iOS device. Once you have downloaded Prey and linked them together, you are ready.

For mobiles, you can send these a text (from the Web Control Panel) which will initiate the established options you have pre-set for when your phone goes missing.

How Prey finds your device’s location depends on the device. For laptops, it can turn-on your Wi-Fi connection and try to connect to the nearest access points. It can take the IP address of each Wi-Fi access point and from there get an approximate location – in some areas as close as 200 feet. On your phone, it turns on the GPS (if available) and tries to connect to Wi-Fi networks in range. These two combined can generate a fairly accurate location.

All this tracking information is sent to your inbox in the form of a report, which can be tailored to meet your needs.

What makes this program different from other similar ones is that it can be installed across multiple platforms and managed from one account. It’s also free, which makes it even more attractive. There is also a Pro version which allows you to track more devices, for a monthly fee (USD$5 for 3 devices up to USD$399 a month for 500 devices).

Prey is just one of the many device tracking programs, and installing one may be a good idea, to give you a greater chance of retrieval if your phone or computer is lost or stolen. Do you use one already? If so, which one? If you would like to learn more about Prey and the other device tracking programs please let us know, we may have a great solution for you.

Most people are conscious of their personal safety.  We lock the doors at night and when we leave home.  WE put on seat belts and look both ways when crossing the street.  Yet, when it comes to online security, most folks are content with a virus scanner, and do little about securing their personal data stored online.

If a grocery store clerk asks for your home address and phone number, you’d likely ask why they need it. Online however, we usually provide it without a second thought. We should be taking steps to protect our personal information instead of handing it out like candy.

Here’s three things you can do to help secure your personal data shared online.

1. Realize your online actions are risky
Read any tech related blog, or even syndicated news articles and it’s not hard to see that identity theft and cybercrime in general is not only serious, but on the rise.  As with any plan, the first step is realizing that there is a problem.  Once you’ve acknowledged that there is a problem the next step is to educate yourself about online security and what steps you should take.

2. Take matters into your own hands

Many people already know their personal information online is at risk, but there are further things you should do to minimize any dangers:

1. Don’t rely on websites to keep you secure - Companies, online and brick and mortar, exist to make money. How do they do it? Sometimes, it’s by selling information you have given them or given them access to. Look at all the sites you have accounts with and ensure your information is secure to the level you are happy with.
2. Provide the least amount of information possible - Think about the last time you joined a social network, or mailing list. You likely were asked to provide your name, address, birthday, etc. Often, you don’t have to provide all the information requested, just the highlighted or asterisked items are required.
3. Think twice before signing up – It’s a good idea when signing up for a new account to think twice. Do you really need this account? Or can you get by without it?
4. Use separate email accounts and passwords - Setting up different email accounts is a good idea. One should be for personal use, so the address is given only to people you know. Another could be for all of your online accounts, with a final one strictly for password recovery. It would be best to make the addresses as different as possible.You should have separate passwords for each account and every service. This will limit hackers from being able to gain access to multiple accounts.
5. Secure your browsing – Almost every website that asks users to sign up for accounts offers a secure version of the site. Enter https://www. before the site address, e.g., https://www.facebook.com. https is a secure communications protocol that ensures one is communicating directly with the website – you’re actually looking at Facebook, not a phishing site designed to steal passwords.

3. Encourage others to think
It’s not enough to just take action yourself. Encouraging colleagues, friends and family to also take steps to protect their online information and identities, is worthwhile. There are many great ways to help spread the word about safety, including the National Cyber Security www.staysafeonline.org, which has even more information.

If you would like to learn about how we can help you keep your information and data safe online, please contact us today at 203.987.4566 or by email at sales@virtualdensity.com  for a comprehensive solution!

As technology continues its creep into every aspect of our life, the number of Internet connected devices we use is also growing. This has led to an increase in the number and severity of security threats facing networks. It seems that almost every week a new security threat is uncovered. One of the latest can potentially affect nearly every device that connects to the Internet.

At the end of January, numerous news and tech media services issued warnings about UPnP (Universal Plug and Play) enabled devices. This was taken to be a big issue because of the widespread adoption of these devices and the fact that many of them have little to no security measures, which could open whole systems to attacks. Many business owners and managers are wondering what exactly is UPnP and how it can open systems to attack.

UPnP defined UPnP is a protocol or code that allows networked devices like laptops, computers, Wi-Fi routers, and many modern mobile devices, to search for and discover other devices connected to, or wanting to connect to, the same network. This protocol also allows these devices to connect to one-another and share information, Internet connection and media.

A good example of UPnP in use is your laptop. When you first connect your laptop to your router, you likely have to enter a password and maybe even the router's network name. Without UPnP you would have to find the network and enter the password each time you want to connect to the Internet. With UPnP, your laptop can automatically connect whenever it's in range.

Why is UPnP a security threat? UPnP has been in use for the better part of seven years and has since come to be found in nearly every device that connects to the Internet - pretty much everything. While it was written for devices in the home e.g., Wi-Fi routers, many businesses also use these devices because they are often easier to set up and cost less than their enterprise counterparts.

Because of the sheer number of devices that use this protocol, and the fact that it's engineered to respond to any request to connect to the device, it makes sense that this could be a security issue. A recent study tested the security of UPnP and revealed some interesting results.

Rapid7, the company that conducted the study, sent UPnP discovery requests to every routable IPv4 address. - IPv4 (Internet Protocol version 4) is a set of protocols for sending information from one computer to another on the Internet. A routable IPv4 address is one that can be contacted by anyone on the Internet. They found that over 80 million addresses used UPnP, and 17 million of these exposed the protocol that enables easy connection to the system or device. This can be easily exploited by hackers.

In other words, 17 million systems, many of which could be businesses, are open to attack through the UPnP device. This security threat opens networks to denial-of-service attacks which make resources, including the Internet, unavailable to the user. One example of a popular denial-of-service attack is a hacker making your website unavailable to others.

Can we do anything? Most experts are recommending that you disable UPnP on your networked devices. The first thing you should do however is to conduct a scan for vulnerable UPnP devices on your network. Tools like ScanNow (for Windows) can help you search. For many, this is a daunting prospect, as the chance of creating more issues is just too great.

We recommend contacting an expert like ourselves, who can conduct a security analysis and advise you on steps you can take to ensure you are secure. So, if you are worried about the security of your systems, give us a call today. We may have a solution for you.

For as long as computers have been able to connect to the Internet, there have been security flaws and the two go hand-in-hand. Companies do their best to shore up security problems, and some do better than others. There's one popular Internet based program that has had a slew of security issues in the past year, prompting many experts to suggest you should disable it.

That program is Java - a programming language and application that allows developers to create web applications, and users to view much of the visual content and animations on the Internet. The problem isn't with the programming language per se, but with the application developed by Oracle Systems.

Oracle released an update to Java - Java 7, Update 10 - in December, but it was found to have some serious security flaws. These issues were quickly spotted by hacker groups who released exploit kits - software making it easy to exploit Java 7's security weaknesses - giving them full security privileges. This exposed any computer running Java 7 to potential malware and attack. Because Java runs at the browser level, every OS could be targeted. To make matters worse, 30 security flaws were patched back in September, after nearly 1 billion computers were found to be at risk.

It's this string of security red flags that had the US Department of Homeland Security issue a warning that users should disable Java on their browsers. In response to this, Oracle updated Java again,  to Java 7, Update 11 on January 12, and noted that the security flaw had been fixed. Many experts, including those at the Department of Homeland Security, aren't convinced though, and are still suggesting that users disable Java because new vulnerabilities will likely be discovered.

How do I disable Java? Chrome users

1. Open Chrome and enter Chrome://plugins/ in a blank tab's URL bar.
2. Find Java (TM).
3. Click Disable.
4. Restart Chrome.

1. Open Firefox and click Tools from the menu bar at the top of the screen.
2. Select Add-ons followed by Plugins.
3. Find the Java plug-in, it's usually called Java Applet Plug-in (Mac) or Java(TM) (Windows) and click Disable.
4. Close and restart Firefox.

1. Open Safari and click File followed by Preferences.
2. Click the Security tab.
3. Uncheck the box that says Enable Java.
4. Close and restart Safari.

If you do disable Java, some websites will no longer work. This can be a bit of an annoyance, but in all honesty, security of your systems is more important, not to mention the potential costs of dealing with a massive malware infection. Besides that, many websites no longer use Java, so you can probably get by without it. At the very least, we recommend you go download the latest update from the Java website and apply it to all computers.

One issue that we need to be clear on is that these security flaws are part of the Java plug-in. You may see something called JavaScript. While the name sounds similar, they are different. JavaScript is largely used in HTML documents, and allows them to function, and is secure. If you do run across it, it's best to leave the script alone.

If you would like to learn more about this update, you can visit an excellent FAQ here. Before you do update, or disable Java, we recommend you contact us. We can help advise you on what steps to take next if you use Java.

For computer users everywhere the threat of a security breach is an ever-present one.  The thing is, many systems are secure enough from outside attacks, and many scammers know this. As a result, they’ve switched tactics and have taken to masquerading as Windows technicians, hoping to get users to give up their credit cards.

These deceptions generally follow the same formula: A person calls you pretending to be from the Windows technical team at Microsoft. The scammer usually tells you it’s time to renew the software protection licenses on your computer in order to to keep it running.

Most of the time, these scammers spread the conversation out over a number of phone calls and emails,  in order to gain your trust. Once trust is established, or the user seems interested enough, the scammer will offer a sweet deal: They will offer a service that will make your computer run like new, usually for a seemingly reasonable price.

The scammer will then use remote PC support software to show you ‘problems’ your computer is having. They will usually show you the Windows Event Viewer – a part of the operating system that shows errors, usually harmless, that your computer has generated. The scammer will then tell the user that these errors are harmful, and if you have already provided your credit card or other payment information, they will make it look like they are cleaning your computer.

What’s being done?

Governments are aware of this increasingly common trend, and have taken measures to shut down scammers. This article from ars technica gives a good overview of what exactly the FTC is doing, while another article provides a first-hand account of how the scammers operate.

What can you do?
To ensure you don’t fall prey to this trickery, these five tips should help you identify a potential scam:

1. Microsoft doesn’t call people.
2. Windows Event Manager is a log of errors for ALL programs.
3. Microsoft employees will never ask for your passwords.
4. Most of these scammers operate out of call centers in India, but bill from the US.
5. Microsoft employees won’t usually ask you to install software that’s not made by Microsoft.

As a rule of thumb: If you get an unsolicited call about your computers and IT security, it’s likely not genuine.

If you have any questions about computer security email us at sales@virtualdensity.com.  We’ll answer all your questions and promise not to call during dinner.