Skip to content
Skip to SEARCH-2
Skip to RECENT-POSTS-2
Skip to ARCHIVES-2
Skip to CATEGORIES-2
Skip to META-2
Skip to TAG_CLOUD-2
Skip to ARCHIVES-4
Skip to RSS-3

Mr. SzymanskiMr. Szymanski

Just another Berlin Public Schools Staff Site

Just another Berlin Public Schools Staff Site

Shrunk Expand

Primary Navigation

  • Tag Archives Phishing

  • Specialized Email Phishing Attacks Highly Likely

    Posted on April 9, 2011 1:22 PM by Craig Szymanski

    By Craig Szymanski

    This week many of you have received emails from companies (Best Buy, Chase, Citi, Disney, Walgreens, TiVo, etc, etc..), whose website’s you’ve registered with with that mentions a data or security breach in which your Name and Email address was stolen from a company called Epsilon. Epsilon is a company that send out gazillions of emails for a lot of companies(About 2,500). Simply they are a very busy email marketing delivery service with a lot of personal information.

    The Problem: Since these criminals now have your name, email address and the actual company associated with that information, you can expect that they will be sending you email communications posing as a legitimate company. I’m not going to get in to the technical aspects of how they will do this, just know that they can and will.

    The Solution: In a previous blog post I mentioned phishing attacks that appear to come from a legitimate source yet do not. In that post I summarized at the end a few things that you should do to be cautious and protect your information/identity from being stolen. What I really should have said is simply: Do not click on links in an email*.

    If you get an email from your bank, read it, maybe it is real (Do you always believe everything you read?) and something you need to take care of. Instead of clicking on that convenient link in the message, manually open your web browser(hopefully you use Firefox or Chrome), go to the companies site that you should have bookmarked and take care of business.

    For a fairly complete list of companies that were exposed check this website: http://www.databreaches.net/?p=17374

    For more on Phishing attacks the FBI.gov site has a good example: http://www.fbi.gov/news/stories/2009/april/spearphishing_040109

    If you want learn more about computer security I recommend this weekly podcast: http://twit.tv/sn . They have hundreds of shows online with notes: http://wiki.twit.tv/wiki/Category:Security_Now_Show_Notes

    ——————————————————-

    * Unless of course you know what message headers or HTML source code are and how to decipher what they actually mean. I only look at them since it is part of my job and I am curious. In reality, it is easier and safer to just go to the companies website manually.

    Filed under:

    Category: Computer Security, For-Facebook, For-My-Facebook, Phishing, Email, Epsilon, phishing


    📂This entry was posted in Security Uncategorized 📎and tagged computer security Email Epsilon Phishing

  • Security Note: Fake SSL Certificates Issued for 9 Popular Websites

    Posted on March 24, 2011 2:44 AM by Craig Szymanski

    By Craig Szymanski

    Apparently Comodo issued security certificates for these popular websites…
    login.live.com,, mail.google.com, http://www.google.com, login.yahoo.com (3 certificates), login.skype.com, addons.mozilla.org. This would allow attackers to create fake websites using these certificates and pose as authentic site and at least steal your logon information.

    So when your Microsoft Update asks you to install an update out of make sure you do(That little yellow shield near the clock). If you do not want to wait for the update to come to you then go get it here…

    http://support.microsoft.com/kb/2524375

    In addition, make sure you update your Firefox Browser as well. Mozilla Firefox released 3.6.16 today also to include a fix that “blacklists a few invalid HTTPS certificates”. The Firefox 3.6 update is available here: http://www.mozilla.com/en-US/firefox/all-older.html
    Or just simply update to the latest version: http://www.mozilla.com/en-US/firefox/new/

    References:

    http://www.wired.com/threatlevel/2011/03/comodo-compromise/

    http://support.microsoft.com/kb/2524375

    Category: Computer Security, For-Facebook, For-My-Facebook, Phishing, Security, Windows, Comodo, FireFox, MIcrosoft Windows, phishing, Security Alert, SSL


    📂This entry was posted in Security 📎and tagged Comodo firefox MIcrosoft Windows Phishing Security Security Alert SSL Windows

  • Avoiding Phishing Scams That Look Like Facebook Notifications

    Posted on March 17, 2011 2:07 AM by Craig Szymanski

    By Craig Szymanski

    Social network users need to pay close attention to links that come to you via a social network website. There are several Phishing scams circulating that will trick you into clicking on a misleading link in a message. Sometimes the link is just to show you something that they are trying to sell, or infect your machine with a malicious program such as a virus or trojan. By default facebook notifications come to the email account that you signed up with. For me this is not a big deal. I just used an inbox that I use for nothing but junk and rarely do I visit it, but there are several that will check an email account daily if not more and have “notifications” in the inbox that will be clicked on regularly. Below is an example email fake facebook notice. It looks genuine. I should know. My wife clicked on it before I could tell her that it wasn’t real 🙂

    This email looks like it is from facebook. The return address has facebookmail.com in it just like all the other messages you receive from this website. So what do you do? The first thing you need to do is just hover your mouse over a few of the links (do NOT click on them) and see if they actually read the same in the hover as they read…

    You can see from these examples that if you click on these links it will send you to a site that is anything but facebook. The domain: campus.2kool4u.net is where this goes. If you click on it the site will redirect to a site selling viagra. If you look at https://whois.domaintools.com/2kool4u.net you see that the 2kool4u.net domain hosts quite a few different sites. This looks a tad “phishy”. Try googling these keywords: 2kool4u.net scam and all you seem to find is junk and more junk.

    Summary/Options:

    1. Do not click on links in an email unless you are sure that it is a good link.
    2. Turn off your notifications or just trash them and manually go to the social networking site and look at your updates.
    3. Turn off HTML email in your mail program if you can. There should be an option to view mail as “plain text”. This is inconvenient, but it removes the fake links from the message.

    Note: Edited on 4/9/11 to change #1 and #2 in the summary. Simply do not click on links in an email. Explanation on this newer blog post.

    Filed under: Computer Security, For-Facebook, Internet, Phishing, Social Networking

    Category: Computer Security, For-Facebook, Internet, Phishing, Social Networking, computer security, Email, facebook, phishing


    📂This entry was posted in Security 📎and tagged computer security Email facebook Internet Phishing Social Networking

  • Tags

    10.6.5 adobe Apple Comodo computer security databreach Email Epsilon facebook firefox flashplayer IDS Internet keyboardbrainfart linux Macintosh malware MIcrosoft Windows Network Administration passwords Phishing Safari Security Security Alert SmartSoftware Social Networking Squid SSL Windows

  • Recent Posts

    • Is that website safe?
    • Using OSSEC to Detect MacDefender in Squid Logs
    • Macintosh Fake Anti-Malware: How to Protect Yourself and Your Network
    • Online Accounts: Just a Bit of Common Sense
    • Specialized Email Phishing Attacks Highly Likely

  • Archives

    • May 2014
    • May 2011
    • April 2011
    • March 2011
    • February 2011
    • November 2010
    • September 2010
    • June 2010
    • June 2009
    • April 2009
    • February 2009
    • August 2008
    • May 2008
    • March 2008
    • August 2007
    • May 2007
    • March 2007
    • February 2007
    • January 2007
    • December 2006
    • November 2006
    • October 2006
    • August 2006
    • July 2006

  • Categories

    • Linux
    • Macintosh
    • Security
    • Uncategorized
    • Windows

  • Meta

    • Register
    • Log in
    • Entries feed
    • Comments feed
    • WordPress.org

©2025 raindrops Entries RSS and Comments RSS Raindrops Theme