Archive for the 'Scams' Category

What is URL Hijacking?

Posted in All Posts, Exploits, Online Security, Scams on November 4th, 2010

Have you heard of URL hijacking?  What is it?  How does it happen?  What are the consequences?

I received a panicked call from one of my customers the other day:  Hey, what’s wrong here?  What happened to Mapquest?

So, I typed in mapquest.com and it came right up.  So I asked, tell me more about what is happening, please tell me step by step what you are doing and what you are seeing.

“Oh, I just typed in mapquest and I am getting this site that looks like mapquest but now they want my phone number and some other info.”

OK, where exactly did you type in mapquest?  In google* by any chance?  Did you put in mapquest.com?

“No, just mapquest.”

So I said, please type in mapquest.com in the address bar at the top of your browser, not in the google* search window.

“Oh, that works!  There it is!  Thanks!”  “But I did type it into the address bar!”

So, what do you suppose happened here?  How did she get to a web site that was trying to scam her into revealing personal information?

Answer: URL Hijacking.

  1. Her browser was set to search from the address window.
  2. She did not type in the full URL. (or she could have misspelled it slightly)
  3. She clicked on a result that looked like mapquest.
  4. She ended up at a malicious website that was trying to trick her into revealing her identity and probably also attempted to install malware on her computer.

Solution:

  1. Turn off searching from the address bar.
  2. Never look for a known web site by searching for it. If you know the correct URL, type it into the address bar, not into some search engine.
  3. If you do search for a web site, be skeptical and very careful about the results.

* any search engine can lead you to URL Hijacking.  Her browser happened to be set to search from the address bar using google.

Source, and more info: http://www.infopackets.com

Facebook Users Targeted

Posted in Anti-Malware Tools, Email Security, Exploits, Malware, Root kits, Scams, Security Tools, Spam on March 21st, 2010

Facebook is very popular and there are about 400 million Facebook users around the world.  Experts believe millions of users will fall for this attack and get infected.  Yes, that’s right – millions of Facebook users will be infected by this targeted attack.

Unfortunately, 400 million users makes for a big opportunity for delivering malicious software.  Hence, inboxes all over the world are being flooded with spam that is trying to induce Facebook users to click on an attachment.  This attachment installs Trojans and other malware that is very dangerous to the computer user.  And unless their security software catches it, they will have no idea it is on their computer.

Our advice:

  • Never click on any link or open any attachment in any email that warns of dire consequences – be it about Facebook or your bank, or anything else.
  • Keep your anti-virus software up-to-date.
  • Periodically scan your computer with a tool specially made for finding and eliminating malware.  One of the best is MalwareBytes Anti-Malware freeware version, which can be downloaded from http://www.malwarebytes.org/

What is H*Commerce?

Posted in All Posts, Online Security, Privacy, Safe e-Commerce, Scams, Security Tools on June 1st, 2009

A visit to the following web site would be advisable to anyone interested in computer security and Internet security:  http://www.stophcommerce.com

And send a link to anyone you know who may be vulnerable to being scammed or hacked.

The site is sponsored by McAfee, and will be posting a series of short videos about Internet security.

The #1 Internet Scam

Posted in Scams on April 20th, 2008

The #1 Internet scam is known as the Nigerian scam, or the 419 scam.

This scam weaves a very sad tale of woe, a tale that is able to snare many victims.

These scammers spew out millions of emails promising large amounts of money in return for some kind of specified task, such as helping to transfer a large sum of money left by some dead relative.  But these scams always require some advance payments from the victim.

These advance payments are the whole point of these scams.  The scammer promises a share of some large sum of money, while extracting many smaller sums of money from the victim.  The victim never gets any money.  But still, this scam is surprisingly successful.

OK, You Have Heard of Phishing, But What About “Vishing”?

Posted in All Posts, Email Security, Exploits, Scams on January 21st, 2008

By now, lots of folks have become wary of Phishing.  But what about “Vishing”?

Vishing is the practice of using an email or text message to bait a person to call a certain phone number.

The inducement is usually in the form of some dire warning about a problem with your bank or credit card account, and the email instructs you to call the phone number listed in the email.

At the other end, you will find someone, or an automated system, who impersonates your bank or credit card company.  They will request all your account details, and will use those details to rip you off.

If you get one of these, DO NOT CALL THE PHONE NUMBER LISTED IN THE EMAIL.

If you do have any concerns about your bank account, call a listed phone number.   Find it on your statement or in the phone book.  Or, if it is about a credit card, call the number listed on the back of your credit card.

And report the “vishing” attack.  (Just be prepared to explain what a “vishing” attack is.  They may not be familiar with the term.)

Zombie Shmombie, Where is the Zombie?

Posted in All Posts, Email Security, Exploits, Malware, Online Security, Safe e-Commerce, Scams on September 19th, 2007

Computers that have been compromised and turned into remote control attack machines, otherwise known as Zombies, are becoming a significant problem.

These compromised computers are being used to attack a variety of Internet servers in a number of countries. These attacks can shut down web sites by overloading their servers with traffic.

For more information:

CypherTrust.com is a good source of information about Zombies and other security threats.

Don’t Fall for the Old IRS Refund Email Scam

Posted in All Posts, Email Security, Scams on September 6th, 2007

The title of this blog pretty much says it all.

Don’t Fall for the Old IRS Refund Email Scam.

The IRS does NOT contact taxpayers this way.

For more info: PCmag

Email Addresses Don’t Win Lotteries

Posted in Email Security, Exploits, Scams on July 9th, 2007

Many email inboxes are being flooded with announcements that you have won a lottery. They usually say something to the effect: your email address was picked at random, and has won a ton of money.

Well, that does not happen. Every last one of these emails is a scam. Period.

To be more exact, many of these are what is called an “advanced fee scam”. If you contact them, they will try to get enough personal information to steal your identity several times over, and secondly, you will be required to advance money in order to “process your winnings” or some such phony excuse.

One of the most certain things in life: You will never see that money again, and you will never get any winnings whatsoever. Period.

Unfortunately, thousands of gullible people fall for these scams every year, and they lose millions of dollars. Don’t be one of them.

And please also ensure that none of your friends and relatives fall for this scam. Talk about it.

The e-Greeting Card Scams

Posted in Email Security, Exploits, Malware, Scams on June 30th, 2007

A new round of malicious e-greeting card spam is landing in in-boxes. It usually has the subject line “You’ve received a postcard from a family member!”

Whatever you do, do not open these spam emails, and do not click on the links.

If you do, you will be taken to a malicious web site that will attempt to install a variant of the Storm Trojan horse.

    “Today’s greeting-card gambit tries a trio of exploits, moving on to the second if the machine is not vulnerable to the first, then on to the third if necessary. The first is an exploit against a QuickTime vulnerability; the second is an attack on the popular WinZip compression utility; and the third, dubbed “the Hail Mary” by the ISC, is an exploit for the WebViewFolderIcon vulnerability in Windows that Microsoft Corp. patched last October.”

Source: ComputerWorld

This demonstrates the importance of updating all software to the latest versions. In this case, QuickTime, WinZip and Windows are the targets. Users who have updated to the latest versions are protected.

And of course, it demonstrates the importance of being suspicious of all email that lands in your inbox.

The Finely Tailored Suit, er Email

Posted in All Posts, Email Security, Exploits, Scams on May 21st, 2007

The Finely Tailored Suit, er Email.

Spammers have learned to tailor their scam emails to specific groups of users. These spammers use clever social engineering to ensnare their victims. These emails can be successful in disarming caution in even the most cautious email recipient.

Our advice:

  • Never ever respond to unsolicited email, period.
  • Never ever respond to any email warning of dire consequences unless you respond.
  • Never ever respond to any unsolicited offer for any product, period.
  • Never ever respond to any email that promises great reward if you respond, such as lottery winnings, business relationship offers, etc.
  • Please do understand what an “advanced fee scam” is.
  • And even if you believe the email is solicited, use great caution.
  • Use great caution even if the email appears to be from some organization with which you have a relationship. They can easily be spoofed.
  • If the email has links, we advise that you not use them *especially* if related to any account login. We recommend that you simply go to the web address of the organization in question, by typing their address into the browser address bar, instead of clicking on any link in these emails.
