28 May 2014

Watch Out Online

Posted in Blog

In years gone by, traditional door to door hawkers would take up your time selling unwanted goods, now that you have an online presence, anyone can contact you but there are some things to be on the look out for.
These not only are threats to loosing money online, but also threats to your privacy and identity.
Clever marketing or social engineering? There are plenty of ways you can be exploited online with technology... Here are a list of a few common methods to WATCH OUT for!
Verification Emails
Emails will also come to you asking to confirm your email address password.  This is very common for businesses who have websites that can have their email address harvested, it just needs to be on your website.  The email will appear to be from a technician with a link to say “click here to confirm your details”..  Note that we never ask you for your email passwords, we actually do not keep a record of them as access to your emails should and must be private!  When you click the link it will be to a site that will store you login details and with 100% certainty then hijack your email account to send massive amounts of authenticated emails and will result in our server being blacklisted.  They can also create accounts on other websites such as ebay without you knowing.  A new one that arrived today was from “Microsoft Digital Crimes Unit” providing a “Validation Link” to verify your details, by hovering over the link the URL will appear, it is clearly not from microsoft and the domain it goes to is www.micosoft.com , its missing the r!  Other variations include your ebay account, bank accounts, hosting accounts, paypal, etc WATCH OUT
Domain Scams
An email will come to you from a legal department or “lawyer” stating that a company they represent is registering a trademark that conflicts with your domain name.  One thing to know is that there is NO trademarks or INtellectual Property Rights on domain name, it is first come first served and never the ownership of the registrant, it is “hired” so to speak as long as you have the renewals paid it is yours to use.  The email will say that they have other domains close to yours and say that they will register it if you dont, this is just a cleaver way to sell you a domain name at an inflated price.  Fear of loss is why insurance companies make lots of money, a powerful call to action.  WATCH OUT
Domain Renewal Scams
This usually comes in the letter box, an official envelope with a logo similar to Domain Registry containing an invoice for payment for your domain name.  They vary differently, however the business name tricks you in two ways, they look like an authority to register or renew your domain.  Look closer and the domain actually is similar to yours not not the same but at an inflated price. People often pay the invoice for $249! Again this targets busy companies that pay their invoices without checking.  The ACCC has targeted one particular business based in Australia and New Zealand and they continue to use this direct marketing ploy freely as in a way it is not illegal.  We are asked almost weekly about these “invoices”, no they are not from us, throw them in the bin!  WATCH OUT
Selling Online – Phishing – (Like Fishing for a sucker)
1.  This happens regularly to people who have listed cars for sale, an interested person will say they are happy to buy the car and arrange for their own transport company.  What happens next is the transport company asks for an upfront payment to clear customs or for unexpected costs, you pay and you never hear from either the transport company or the buyer again.  WATCH OUT
2.  If you have an ecommerce website, you may be approached with a similar scheme to the one above, or to ship products to some obscure location, don't be tempted to trade outside of your website or outside familiar payment gateways, direct them to your website to order and pay for the goods.  WATCH OUT
3.  Another tactic is via phone to sign up to directories/calendar/advertising your business – often the directories do not exist or have very little value – watch out when they say “you business participated last year we are calling you back to do it again”.  Here they are using social engineering to exploit busy companies where people change jobs or leave.  WATCH OUT
Technical Support
Via Phone, you may have received a call from someone claiming to be from “Microsoft Technical Support”.  You should know that microsoft publically have stated they never call customers, this should be your first alarm bell.  The caller will state that your computer is sending error messages.  What the caller will want you to do is with their direction download and install a piece of software called AMY or similar, it will do several things apart from slow down your computer, it will also log your keystrokes and convert screen shots to files so they can capture you entering in your banking passwords etc.  They often will tell you that they can make all of this go away if you give them $$$$ and take your credit card.  The interesting thing about this scheme is that legally you are installing the software not them, so they get around the legalities of infecting your computer.  WATCH OUT
Browser Infections
Your computer is running very slow, slow internet is enough to make you shake your fist at the screen, and the browser is doing funny things and.  Often your anti-virus program will not pick up a browser infection because the infection has come through a link clicked on at a vicious website.  Unsupervised children are notorious for wildly clicking on websites that offer online browser games, a link is not always a link.  Apart from being slow, you will also notice lots of pop-ups, changes to the appearance of your website like SnapDo does, toolbars appear etc.  Often other applications will pop up claiming that your computer is slow and can be fixed – just click here and pay $29.99 and make your computer faster.  Sound familiar?  These often come through in via the browser, clicking on suspicious popups, even to close them can actually make it worse, just ALT-CRL – Del, go to task manager and close your browser program, hitting F4 can also close the window. WATCH OUT
How to protect yourself
1.  Ensure you do not give out information easily.
2.  Ensure you do not use easy to guess passwords.
3.  Do not use the same password on all websites, if they can access one, they can access them all!  Same goes for your email address, anyone can login and read or send emails without you even knowing!
4.  Change your passwords regularly and use capitals and symbols.
5.  Never click a link in an email without thinking of where it will take you, particularly if it asks for your information.
6.  Ensure your modem at the office is password protected and not an easy to guess passkey, anyone who can connect to your WIFI can snoop on you and gain access to your files.
We will never ask for your personal information via email.  Have you been caught out?  Tell us your experience This email address is being protected from spambots. You need JavaScript enabled to view it.



Leave a comment

You are commenting as guest.