Got this one today… watch out and read very carefully – subject line says Shoppers (I have a Shoppers rewards card) but the email body says Walgreens (huh?!) #phishingalert
Is this really a phishing email? It’s hard to say because I did have a Yahoo! account during that period (dummy account for testing) but there is no way I’d click on anything with the word Yahoo! in it… just beware and be careful! #phishingalert
I was reading about threat actors (bad guys who carry on cyber attacks) and the phrase “institutional knowledge” really popped… this relates to attacks done by insiders and very few people pay attention to them, even care about mitigating this very serious risk.
Anybody with an extensive knowledge of how your business works does not need much sophistication or super hacking skills Hollywood-style (most b.s. BTW), only needs to know enough like when Karen from Accounting leaves for a coffee break and forgets to lock her computer screen or if Bill from Sales has been sick for a week and left his password on a sticky note as he always does.
Food for thought…
In this hyper connected world we live in more and more people go online from places other than home or office; this means using public access points like coffee shops, hotel rooms, a friend’s house, libraries (yeah some people still use them, I personally love them), etc.
The issue with accessing the Internet from “untrusted” networks is exactly that, you really don’t know what level of security (if any) these places offer. In most situations, people simply give you their wi-fi password without even realizing their own network can also be compromised (I’ll write about wi-fi guest access on another post soon).
To add insult to injury, a lot of naive computer users access their on-line banking, email and cloud storage from unsecured and open networks that don’t require any passwords, despite the fact that their own computers label the open networks as unsecured, right there! Here, any bad guy with a medium knowledge of data spoofing can see pretty much everything you’re doing.
If you often connect on the go, then a VPN is the right solution for you!
What’s a VPN? VPN stands for Virtual Private Network and in simple terms, it creates a secured, encrypted “tunnel” between your computer and the Internet location (website or end-point) that nobody can see/hack/steal/spoof/sniff. VPNs were the sole domain of complex IT infrastructures years ago, but today providers like Tunnel Bear have made this technology super available and super easy to use.
In this graphic (courtesy of Microsoft), your computer connects using a “tunnel” to another network called Intranet that could be your online banking website, your Google Drive/Dropbox storage or your Gmail. It is important to mention that Google, Apple, Microsoft and the other big companies offer encrypted access to their servers, and your bank also has plenty of security measures in place to make sure their end of the equation is secured, but they cannot guarantee YOUR side of the connection and it is your sole responsibility to do so. This is why a VPN can serve as the ultimate “piss off” tool to keep hackers away.
In summary, why use a VPN? According to my favourite provider Tunnel Bear:
Hide Your IP Address & Location: Your IP address is the unique number that websites use to determine your physical location and track you across different sites. Use a VPN to keep your IP address private from websites, hackers and advertisers.
Secure Your Data: VPN shields your personal information from prying third-parties and hackers on public WiFi, ISPs and other local networks.
Safe & Convenient Travel: Safely access your email, favorite sites, domestic news and entertainment while travelling abroad. A VPN can bypass restrictions, keep your online activity secure and help you stay connected with life back home.
Block Online Trackers: There are countless ways you are being tracked by advertisers, social media and other companies. a VPN blocks many of the common ways you can be tracked and limit advertisers from tracking everything you and your family do online.
VPN services range from free to about $50-$80 per year. The BIG advantage of paying for a VPN is constant support, reliable service and the convenience of being able to use it on multiple devices (computers, tablets and smartphones). This is definitely a service you should pay for.
During our daily web routines (reading the news, doing some “Facebooking”, online banking or reading our Gmail) we are constantly visiting websites that show some sort of advertisement, usually on the right or upper side of the screen. Although I believe quality online content should not be free and qualified advertisement is a legitimate way publishers monetize their work, I am also concerned with the growing presence of malvertising.
Wikipedia defines malvertising as “the use of online advertising to spread malware”.
Malvertising is a fairly new concept for spreading malware and is even harder to combat because it can work its way into a webpage and spread through a system unknowingly: “The interesting thing about infections delivered through malvertising is that it does not require any user action (like clicking) to compromise the system and it does not exploit any vulnerabilities on the website or the server it is hosted from… infections delivered through malvertising silently travel through Web page advertisements” [Infosecurity]
What makes malvertising extremely effective (and dangerous) is the insane amount of technology attackers put into making infected ads appear on reputable and safe websites. There are many types of malvertising: pop-up ads, In-text or in-content advertising, web widgets, banners, third party ads, etc.
We browsers (Chrome, Firefox and Opera taking the lead) are now alerting visitors to sites with HTTPS security (SSL Certificates) that, even though the site might be “safe”, some parts or contents on the site might not be:
The problem is, it is very hard to know what parts of the site are unsafe, you probably really need to do something on that site and it takes around 4 clicks on very specific locations to even get to the message above. Regular users simply will not do this. I personally visit news sites like CNN on a daily basis and this warning is always there simply because they cannot guarantee all the ads that display on its site are not malvertising.
Any way to protect myself against malvertising?
Antivirus and anti-malware software are catching up with this trend and detection rates seem to be going up; however this only applies to premium or paid versions… with the freebies, well… nobody knows for sure.
Uninstall browser plugins that you don’t use like Adobe Flash.
Keep operating system and browsers up to date – this is now not as bad since almost all browsers update automatically and they tell you when to restart.
If you want to know more, check this excellent article from Forbes