123 Simples News
|Scams E-Mails and Hoaxes
E-Mail Hoax and Scam using Google Docs
Please open the document i uploaded for you using Google docs is how the content of this scam email starts off. On 14th October 2013 one of our business colleagues had their online AOL email account compromised, and emails were being sent out to their entire contact list. The email read as follows:
Please open the document i uploaded for you using Google docs.
Click here just sign in with your email to view the document its very important.
The link took people to a website page that looks like this image below:
The web page did not flag up any alerts on anti virus systems (because the web page does NOT contain any viruses) , and because the email was sent from a recognised email address on your own contact list (even using the signature of the sender) it seemed quite believable that the link was genuine. The page has various buttons as you can see, AOL, Gmail, Yahoo, Windows Live and Other E-Mails for users to click on.
Clicking the specific button then asked the user to enter their email address and password - if you then do this you are inadvertently being scammed, as the web page then will record your email address and the password you entered, and then the criminals will have direct access to your own email account, contact lists, and any emails in your system.
The dangers:These people are praying on you making a mistake. Most web based email systems are very useful, but also remember that if you have weak passwords, or weak user-names, then if your web based email systems are hacked into by using this kind of hoax, then ANY emails in your system will be accessible by them.
This might be emails that contain banking information, confidential information, account names, account details, online shopping emails - the list is practically endless!
Please warn others about this.
| 0 Comments
Nikki attempts the Great South Run on 27 October 2013 - in aid of funds for the Ickle Pickle's Charity.
| 0 Comments
|Scams E-Mails and Hoaxes
If you should receive an email headed with FEDX (or Fedex) claiming that they tried to deliver a parcel, or collect a parcel from them, then be warned. The chances are that you are being scammed. It's easy to be tricked into clicking links like this, especially if you are actually waiting for a parcel.
This particular email scam relies on you clicking on the actual link. This email typically starts with:
Order Date: Thursday, 17 January 2013, 11:10 AM
Your parcel has arrived at the post office at January 18. Our courier was unable to deliver the parcel to you.
To receive your parcel, please, go to the nearest office and show this receipt.
GET & PRINT RECEIPT
Best Regards, The FedEx Team.
However, the emails are not from FedEx and the claim that a package has been returned is a lie designed to fool the recipient into opening attached files or clicking links. The attachments do not contain a mailing label. Instead, they contain a malicious .exe file, usually hidden inside a seemingly innocuous .zip file, that can install malware on the user's computer. Alternatively, links in the messages may open compromised websites that harbour the malware. Typically, this malware can modify the registry on the infected computer, connect to remote servers and download and install additional malware. Wording of the malware emails may vary, although all make reference to a package that could not be delivered.
More details about this scam can be viewed by visiting Hoax Slayer at: http://www.hoax-slayer.com/fake-fedex-invoice-malware.shtml or on the FedEx website: http://www.fedex.com/bs/fraud/virusalert.html
| 0 Comments
|Software & Security
You may have recently seen some of the extensive news coverage, including statements from the United States Department of Homeland Security, regarding a vulnerability in Java. Java is both a language and a platform to run websites and programs used by many computer users, both on the PC and Mac operating systems. This vulnerability leaves millions of computers open to malware attacks and can lure online traffic to virus-infected websites.
This Security Alert addresses security issues CVE-2013-0422 (US-CERT Alert TA13-010A - Oracle Java 7 Security Manager Bypass Vulnerability) and another vulnerability affecting Java running in web browsers. These vulnerabilities are not applicable to Java running on servers, standalone Java desktop applications or embedded Java applications. They also do not affect Oracle server-based software.
The fixes in this Alert include a change to the default Java Security Level setting from "Medium" to "High". With the "High" setting, the user is always prompted before any unsigned Java applet or Java Web Start application is run.
These vulnerabilities may be remotely exploitable without authentication, i.e., they may be exploited over a network without the need for a username and password. To be successfully exploited, an unsuspecting user running an affected release in a browser will need to visit a malicious web page that leverages these vulnerabilities. Successful exploits can impact the availability, integrity, and confidentiality of the user's system.
Due to the severity of these vulnerabilities, the public disclosure of technical details and the reported exploitation of CVE-2013-0422 "in the wild," Oracle strongly recommends that customers apply the updates provided by this Security Alert as soon as possible.
Here is how you can check your installation of Java if using Windows 7:
Go to the Start Globe (lower left corner)
Choose Control Panel
Depending on how you may have your control panel setup you can find Java by -
View by Category > Programs > Java
View by Small Icons > Java
Left click on Java and then choose the Update Tab
On the update tab choose Update Now
The program will check to see if Java is up to date, and if not, it will download the latest version of Java.
When (or if it does need updating) then unless you want the free toolbar from Ask (which the install will suggest you have), then simply untick the box asking you to install the Ask Toolbar
Complete the installation, and you should be good to go and all updated.
| 0 Comments
|Newsletters - General, Newsletters - TechSquad