Archive for June, 2011

It’s a jungle out there – be smart online

June 29, 2011

Recently, I posted a job on craigslist for a senior systems and network engineer.  Although craigslist is a popular site, I have never used it and had some concerns about posting on a site that has received so much bad press. After researching, I decided to post our job and have been very happy with the response. But it’s a jungle out there and I knew to expect some scam artists to use the ad to try an attack.

Then today, I received an email from updates-craigslist: Updates!New Terms – Accept: June 29, 2011 with the following message:

———————————————————————-

craigslist

———————————————————————-
Dear Customer,

We need your help resolving an issue with your account. To give us time to work together on this, we’ve temporarily limited what you can do with your account until the issue is resolved.

We noticed some unusual activity . 

How you can help?

You must reverify your account and take the time to accept and read our terms: log in here  

It’s usually pretty easy to take care of things like this.

Ad: # 318-277-551-175

We understand it may be frustrating not to have full access to your account. We want to work with you to get your account back to normal as quickly as possible.

Thanks,

———————————————————————-

Copyright ©2011  Inc. All rights reserved. CL #73445897433

It’s a scam and has all the characteristics (without typos) of a phishing attempt.  It tries to get you to log in through their fake link and enter your account information.  Once they have your username and password, the phishers can take over your account and gather as much information as they can about you.  They can’t do much on craigslist except make some inappropriate postings under your name, but they could use the username/password to break into other accounts like Twitter, Facebook or bank accounts.

So as a reminder, don’t fall for email scams.  When in doubt – don’t click, reply or forward.  Use strong passwords and make sure you have a good spam filter and malware protection.

Why does China want your gmail account?

June 2, 2011

Google is certain that the latest hacking attempt, a phishing scam to obtain Gmail passwords, comes from Jinan, China. This type of attack happens all the time, but since senior-level US government officials, military personnel and political activists were targeted, the intent seems much more sinister. The attacks were common phishing schemes that are not very sophisticated, opening speculation that this was testing the water and that the information may be used for broader attacks.

If someone has your username and password, they can hijack your account.  Not only will they have access to your email, but they can change account settings, forward email and send email as you.  If you are unaware that your account has been compromised, the hacker can play havoc with your information and identity.

Certainly, you have heard these warnings: create a strong password, don’t divulge username and password information, especially in response to email requests, use a good anti-virus, have malware protection and keep a good backup. This cannot be stressed enough – create a strong password for your important accounts.  Next, use two-step verification or authentication whenever possible.  This is another way to prove it is you.  Google uses a strategy where they send a unique code to your phone that is required to sign in. The problem with this security measure is that it is not convenient, as it takes another step and more time. Often users choose convenience over security.

When you use more than one email address, and if you send email to a mobile device, be sure to use security measures that adequately protect your information.  The more valuable the information, the more protection is needed. Just like physical security, use barriers as deterrents.  In the digital and virtual world, barriers are passwords, tokens, PINs and other information that only you know.

To learn more about the Google 2-step verification, go to http://www.google.com/support/a/bin/answer.py?answer=175197