Over the past week we alerted users to the return of “profile spy”, a tool that promises to let users see who’s viewing their profile. As we said last week, the tool is FAKE, however it isn’t preventing thousands of users from participating in the scam once again. Rather than using a different strategy than last time, the only thing that the scammers have changed is the URLs. Do not complete this scam, instead share this article and let your friends know of the scam.
As before, here is the message that’s being posted when users complete the scam:
OMG OMG OMG… I can’t believe this actually works! Now you really can see who views your profile!!! WOAH
The scammers have dramatically increased the number of URLs that are part of this widespread attack. These are the latest URLs that we have compiled that are part of the attack:
Profile Spy scam continues to spread, as first pointed out by AVG.
Phishing scams threaten our Internet security and can be hard to detect. They can lead to identity theft, viruses, or the need for computer repair. To help protect your Internet security, we offer five tips for detecting phishing scams.
1. Avoid Action – Phishing scams work when you take action. An email that requests you reply with information or features clickable links only may be an attack. Generally legitimate emails include cut and past style links to verify instead of clicking. If there are only clickable links, the email may likely a phishing scam.
2. Beware of Overly Technical Words and Phrases – Phishing frequently uses highly technical words and phrases within their emails to scare you into believing them. An email that discusses your security in great detail, or sounds as if it was written by a computer tech, is probably a phishing scam. Legitimate businesses send out emails that can be read and understood by typical people, not just computer specialists.
3. Check the Links (URLs) – Phishing scams violate your security by providing links to apparently legitimate sites. Protect your security by checking the URLs of all links. The URL is the address of a website, www. some website.com for example. If you move the cursor over the link in an email, the URL that link connects to will be displayed at the bottom of the web browser. Make sure the URL corresponds to what it’s claiming to be. Otherwise, your security may be at risk.
4. Read Carefully – Emails from legitimate businesses are screened carefully, so mistakes can be signs of phishing. Many of these mistakes are small, like spelling “reset password” as “reset possword”, for example – and hard to notice. Read carefully to protect your security. A poorly written email is a indication of phishing.
5. Verify – If you worry that phishing emails might be real. Overcome this fear by contacting the “sender” directly, NOT by replying to the email or call a phone number in the email, however by only using an known, published, and good web address or phone number, DO NOT give them any personal information.
Facebook users are now better protected from unauthorized password changes and suspicious logins thanks to a new set of security features.
The first: if a user enters an old password that has since been changed, Facebook now tells the user when the password was changed and asks if the user remembers doing so. If they don’t remember, they are asked to verify their identity, and are prompted to reset their password or use the hacked account self-recovery tool.
The second change: if an account is logged into from somewhere distant from its usual login location, the person accessing the account will also be brought through the identity verification flow which instead of changing passwords involves identifying friends in photographs.
However, it’s not perfect. Some users have friends they can’t recognize by photo, or are prompted to identify people in photos that only include logos, pets, or other indistinguishable images — and they have been mistakenly locked out of their accounts by this identity verification method.
The bug admission affects all versions of Windows (XP, Vista, and 7).
Need assistance call BWS Technologies @ 358-6305.
This is a pretty nasty attack and for once Microsoft have actually acknowledged and confirmed this is a critical unpatched vulnerability. Incidentally Microsoft also recently retired Windows XP SP2 from the support cycle, and this vulnerability effects that system and they have stated they will not be patching it.
It’s a pretty serious bug and it seems hackers have been maliciously exploiting it in the wild for over a month. The Stuxnet malware has been using this vulnerability to gain access to machines then download further attack files including a root kit.
“In the wild, this vulnerability has been found operating in conjunction with the Stuxnet malware,” Dave Forstrom, a director in Microsoft’s Trustworthy Computing group, said in a post Friday to a company blog . Stuxnet is a clan of malware that includes a Trojan horse that downloads further attack code, including a rootkit that hides evidence of the attack.
You can find a temporary workaround in the Microsoft Security Advisory here:
And Microsoft has stated they are working on a patch, but Windows XP SP2 user will not get a patch.
Need assistance call BWS Technologies @ 358-6305.
A little known feature in Facebook will help you stay on top of your Facebook account and everyone who’s accessing it. The feature, provides you with notifications every time a person accesses it from a new computer. You can receive both email and SMS notifications about the access.
Two steps to a more secure FB account:
You’re Done! You will now receive notifications every time someone logs in to your account from a new computer.
Adapted from allfacebook.com
Adapted via mashable.com
A common place that a lot of people probably do not think getting a virus from is digital photo kiosks. These places are prime distribution points for infections. Think about it, if you were up to no good with some know-how, you could infect the photo kiosk computers then sit back and laugh as literally thousands upon thousands of people walk in and insert their memory cards.
Some Windows-based photo kiosks apparently don’t run antivirus software, so lovely little bits of malicious software like Trojan.Poison-36 are winding up on customers’ USB keys.
What can you do to protect yourself against infection from a dirty public kiosk?
The past couple of weeks we have had many computers brought into the shop that have had un-expected power supply or motherboard failures. We have also had many electrical events in the area such as lightning and brown outs. Most did not have an UPS or surge protector. Coincidence? Not likely…
The important step of power surge protection is often neglected. After all, the chances of being blown out by a direct or nearby lightning strike are pretty slim. While that may be true, lightning is not the only reason of power damage to your computer and peripherals. The seemingly harmless erosion of minor but frequent power spikes can be just as damaging over time, if not as dramatic. In fact, industry reports estimate that the average household encounters 120 power problems a month. Unnoticed on the surface of things, those daily hits take their toll, gradually diminishing your computer’s performance, accumulating damage and threatening your data.
Fortunately for you and your files, help is at hand: the oft-overlooked guardians known as surge protectors and UPS devices.
What are they and what do they do?
Surge protectors and UPS (uninterruptible power supply) devices protect your expensive computer system and invaluable data by regulating wayward power fluctuations — not just the spark-showering lightning strikes, but more mundane surges from everyday sources, such as the kick-in/kick-out routines of household appliances like refrigerators or air conditioners. These protection devices stand between your computer equipment and the power supply, absorbing any excess power and grounding it, thereby warding off performance glitches and gradual damage. They also guard against moderate surges — spikes that fall far short of lightning, but still carry enough of a wallop to damage and even destroy unprotected components.
However, while a surge protector successfully manages excess power, it leaves its back turned to problems caused by inadequate power, such as blackouts and brownouts. A UPS takes that extra step by shielding against the sags as well as the spikes. It uses AVR (automatic voltage regulation) to automatically boost or reduce voltage to maintain the optimum power level. During power outages, the backup power source of a UPS gives you a few minutes to save your work and shut down properly.
In short, a surge protector is built to sufficiently handle all power spikes that come its way, while a UPS device is designed to deal with the entire spectrum of power problems. Both can manage surges that range from the mundane to the fire-breathing. Take the worst-case scenario: a lightning strike. Depending on the proximity, the blast may damage or even destroy your surge protector or UPS, but in the process, the device will have sacrificed itself to keep your equipment unscathed. Besides, it’s certainly easier to replace a surge protection device than your entire computer system, not to mention all your data.
What should I look for when buying one?
Before shopping for a surge protector or UPS, make an inventory of your computer system and its peripherals so you can find a suitable match. It is critically important to plug each and every cord and cable into the protection device, because each one is a point of entry for power spikes. Leaving even a phone line unconnected creates a gap in your defenses. Therefore your surge protector or UPS must have enough AC outlets, phone jacks and networking ports to accommodate all your equipment.
When considering a UPS, you must also know your system’s total power requirement. Check the labels and back panels and create a list of the watt, VA or amp power consumption rating from each component. UPS power levels are expressed in VA (voltage amperes), so convert any watt or amp listings to VA; simply divide watts by 0.7, and multiply amps by voltage (120 volts standard in North America). Add them all together to find the minimum VA level you need.
Here is a list of product specifications that may help you narrow the field:
How do I use it properly?
OK, you’ve decided our advice makes sense, purchased a surge protector or UPS and brought it home. It’s even out of the box, looking promising and trustworthy. Now here are a few tips for ensuring it does everything it’s supposed to do:
Ready to protect your computer system against renegade power problems?
Need assistance, we can help. 358-6305
Adapted from information etown.com
We cannot remind others enough about the tips below. We see it everyday… a computer gets trashed by someone not following the 3 cardinal rules of email.
1. Don’t open e-mails from people you don’t know.
2. Don’t open e-mail attachments from people you don’t know.
3. Beware of e-mail attachments from people you do know.
Read on for more great Email tips:
Don’t pass on “chain letters” or forwards, at least not messages that have no informative value. It may seem harmless, and I’m not really sure what people’s motives behind starting them are, but the end result is a lot of useless Internet traffic which has to be processed before real e-mails and requests for web pages can be processed. It seems so innocent, how could forwarding one little chain letter hurt anything? Don’t forget there are millions of other people around the world doing the same thing, all that useless traffic adds up. Not to mention that they’re annoying and personally I question a person’s reliability if they forward me bad news or even worse, a message that just says I’ll have bad luck if I don’t pass it on. I have broken many chain letters in my time, and I assure you no ghost is going to kill you, and you’re not going to have bad luck, so break the cycle and don’t forward spam.
Trash those generic e-mails from random foreign guy, who needs an American citizen to set him up a bank account in the US for whatever contrived reason, and will split the millions he saves by doing this with you, but somewhere along the line needs you to wire him a large cash sum. You’re not investing in your future, you’re giving your money to a con artist.