Category: Guidance

Identify Ransomware

If you are hit by ransomware, you need to block off the attack: remove Internet access from your PCs and servers, stop any encryption processes in progress and stop any other processes running that shouldn’t be running.

Then the first stage of investigation is to identify what you’re facing and the website https://id-ransomware.malwarehunterteam.com/ is a good starting point.

You upload one encrypted file or the file that is the ransom message to this website and it will try to identify the variant of ransomware. Currently it can identify more than 500 different variants.

For each there is extra information which can tell you if there are decryption keys available on the Internet.

Some anti-hackers try to find the decryption keys and post them freely, but the blackmailers know this and try to stay ahead of them by using new variants for which there are no keys available except for the one held by the blackmailer.

The website is run purely as a free service to the public and does not decrypt files for you – you need an IT professional for that (assuming it’s possible, as many cannot be decrypted without a key from the blackmailer).

If you have a suspected virus rather than ransomware then there is a website that may help to identify it at https://www.virustotal.com.

As always, the advice is that it’s best to avoid being held to ransom – ensure you have adequate systems protection in place, staff that have been educated on the danger of cyber attacks, regular backups (including off-site) and have a plan in place to deal with a ransomware attack.

Fightback Ninja Signature

The Danger of Internet Connected Gadgets in Your Home

Some homes are now filled with dozens of appliances, devices and children’s toys which can be connected to Wi-Fi. Some are useful while others are just for fun, but if they are not fully secure the consequences can be unpleasant.

Often set with a default password or no password, these devices can provide an easy route for cyber attackers to get into your systems and look for confidential information.

The Internet of Things

The “Internet of Things” is a name for the adoption of Internet-enabled devices in the home, the idea being that more and more household objects will communicate over the Internet. Common items now include thermostats controlled by an app, smoke alarms that phone you, toys that access Internet stories and music, and the Alexa and Google Home devices that you can speak instructions to and which use Wi-Fi to control other devices, find information or translate something. This also includes Internet-connected “wearable” devices, such as fitness bands which upload your GPS co-ordinates and telemetry to the Internet so you can access the data on your PC.

Many companies are working on more of these Internet of Things devices.

These devices can give out information to interlopers that you may not consider, e.g. the recent case of American Special Forces soldiers wearing fitness bands and their location being broadcast on Google. OOPS.

How to Make Your Connected Home More Secure

  • Secure the wireless network. Use the WPA2 protocol if your broadband router allows that option.
  • Give your Wi-Fi network an unusual name that doesn’t identify your address e.g. General Electric.
  • If guest access is enabled on the network – disable it.
  • If your router is capable of creating two separate Wi-Fi networks then use one for computer devices and a separate one for household gadgets.
  • Always use strong passwords that cannot possibly be guessed by anyone e.g. a string of random words.
  • The login name is often admin or administrator by default – if you are able to change the login name then change it to something that cannot be guessed.
  • Disable any remote access for gadgets. If you ever need it for allowing the supplier to fix a fault then you can re-enable it temporarily.

Some of these gadgets have appropriate Internet security and insist on strong passwords etc., but others have little or no thought of security, so you must take care to plug any holes in security.


What If Your Business Has a Data Breach

If your business suffers a data breach, i.e. hackers access your system and steal confidential information, then you have a lot to do to deal with the breach, communicate with all affected parties and put in place better security to prevent another breach.

How well you deal with the breach often affects the total cost and the level of damage to your business reputation.

These four steps can help:-

1. Investigate the Breach

  1. How did it happen?
  2. What was stolen?
  3. Can the hackers regain entry to your systems?

You’ll need to know exactly what information was lost in the data breach.

Less sensitive information includes name, address, phone number etc. This can be used by scammers and cold callers but that information is readily available for most people through the phone directory, social media and the Electoral Register.

More sensitive information includes date of birth, name, financial details, payment card details. Combined with the less sensitive information this can be used for identity fraud.

If the stolen data includes names with logins and passwords then you need to act fast to warn people to change their passwords.

2. Determine the Possible Damage

Once you know what data has been stolen, you need to understand how this can affect people, i.e. how this data can be used by criminals. Will they likely sell the information to a competitor or to other scammers, or ransom it back to you?

3. Communicate with All Interested Parties

You need to inform all affected parties ASAP. This may be customers, partners, staff, suppliers etc. If the breach is serious then you should inform the Information Commissioner’s Office. If relevant, inform the Police.

4. Increase Your Security

Unless you have security experts, you may need to hire experts to assess your systems and see how security can be improved. Start enacting those improvements straightaway and of course close off whatever method the hackers used to get into your systems.

A data breach can be very serious and must be dealt with quickly and efficiently to minimise damage to your reputation.


Facts About Data Breaches

Hackers break into company computer systems and steal confidential information, i.e. they make copies of it for their own purposes.

The hackers might then ransom the data back to the owner, sell it to a competitor, sell it to other scammers or make use of it in phishing scams, i.e. to get more confidential information which they can then sell to fraudsters.

This is big business and usually it’s the customers of the hacked business that suffer.

We give our private and financial information to companies to do business with them but we expect they will do everything necessary to keep that data secure.

Many companies do have excellent data security but some fall short.

The cost to a company of a data breach can include:-

  1. Creation of contact databases
  2. Regulatory requirements
  3. External experts
  4. Postal costs
  5. Communications set-ups
  6. Audit services
  7. Helpdesk
  8. Legal expenditures
  9. Reimbursement for customers
  10. Cost of cleaning up data

Besides the material costs, there may be reputation damage.

Recent research shows:-

  • The average cost of a data breach is $3.62 million
  • The average global total cost per record stolen is $141 but there is huge variance across incidents.
  • Companies in South Africa and India have the highest chance of data breaches whereas companies in Germany and Canada have the lowest.
  • The mean time to identification of a data breach is 191 days
  • The faster the breach is recognised, then generally the lower the total cost
  • The increasing use of mobile platforms is increasing the chances of data breaches.

For information on how to recognise a cyber attack see https://fightbackonline.org/index.php/business/102-do-you-know-if-your-business-has-been-cyber-attacked

[facts taken from 2017 Cost of Data Breach Study]


Fake Website Links

You will come across fake website links in emails, on websites, social media, text messages and more.

In this context, “fake” means a link that doesn’t take you where it says but instead goes to some other website or web page.

Why do people make such fake links?

Mostly there is a deliberate intention to mislead – promise a link to one site but take you to a different site where you don’t want to go.

This may be an attempt to infect your computer with malware or to get you to a page you have little interest in or simply to get you to look at a video or a webpage for which the link poster gets paid per visitor.

How to Identify Fake Links

  1. On a PC, hover the cursor over the link and it should show the real destination URL. If this does not match what the link says then you have a fake link and you should not click it.
  2. On a Mac, make sure you have the status bar showing first.
  3. On Android phones you can press and keep your finger on the link and a box will open offering options, but at the top it shows the complete link.

Shortened URLs

Some webpages have very long addresses, and if you’re sending a link to someone or posting on Twitter, for example, then some way to shorten these links is welcome. There are various services on the Internet that can do just that. Twitter does this automatically for long links.

These shortened URLs make it difficult to identify the destination of the link. If in doubt – do not click.

Very Long URLs and Email Addresses

Most people create short URLs, i.e. links, as they want them to be easy to remember and to type e.g. fightback.ninja/the-inflammation-scam/

But some large websites deliberately create long URLs in order to make the purpose of the page easy to understand from the name e.g. http://www.sheppardsoftware.com/content/animals/kidscorner/classification/kc_classification_appearance.htm

Scammers use long URLs in order to try to hide the true destination of the URL. E.g. customerservice.lloydsbank.768092676414336492872654576277@78397123719273917cheapscam.com

That is not Lloyds Bank.

Scammers also use the confusion trick with email addresses e.g. customerservice.lloydsbank.768092676414336492872654576277@78397123719273917cheapscam.com


The Battle Against Illegal Medicine Websites

There are countless Internet sites selling drugs and medicines, without prescription, that should only be available with a doctor’s guidance and prescription.

The reasons people buy medicines from Internet sites can be just about saving money but can also be about anonymity, fear of approaching a doctor, ignorance of the dangers involved and so on.

There is a government campaign called #fakemeds with a website at https://fakemeds.campaign.gov.uk/

You can use this website to check if a website you are thinking of buying from is registered to sell medicines and you can report suspected fake medicines and suppliers.

The potentially dangerous products seized by the Medicines and Healthcare Products Regulatory Agency (MHRA) had not been tested for safety and have been found in some cases stored in dirty, rat-infested warehouses and garden sheds. In 2016, MHRA seized more than 4.6 million fake medical products and closed thousands of websites selling medicines illegally.

The three key messages are:

  1. More than half of all medicines bought online are fake
  2. Side effects can include heart attacks, strokes and death.
  3. Buying from dodgy websites also increases the risk of being ripped off through credit card fraud or having your identity stolen.

The #fakemeds campaign is run by MHRA and a recent study in co-operation with Slimming World shows:-

  • One in three slimmers have tried slimming pills purchased online.
  • Three quarters of slimmers (77%) were enticed by promises of rapid weight loss, more than half were attracted to being able to order discreetly (57%) and more than four in ten (44%) ordered online because they didn’t want to speak to a GP or pharmacist.
  • Nearly two-in-three (63%) suffered unpleasant side effects after taking slimming pills bought online. These side effects included diarrhoea, bleeding, blurred vision and heart problems. Worryingly, four out of five (81%) didn’t report these side effects to anyone.
  • Four out of 10 respondents said they had used the slimming pills knowing there were health risks, with more than six out of ten (62%) doing so because they were ‘desperate to lose weight’.

Be careful buying medicine online, and if the product is one you should get a prescription for then do speak to your doctor and do not risk your health on cheap dodgy products.

More than 5,000 websites illegally selling prescription drugs were shut down in 2016.


The Value of Directory Submission Services

Online business directories used to be a good way to find items of interest on the Internet. But since the search engines became highly efficient, online directories have not been needed for general searching. Search engines are the starting point for most users of the World Wide Web and directories are out of favour.

There are online services that will submit your website listing to hundreds or even thousands of online directories and they make it sound as if it’s the best way to get your website noticed. But search engines pay little attention to directories, few people use them and directories don’t feature much in recommended search engine optimisation for your website, so the value is questionable.

Free and Paid Listings

While most online directories offer a free listing option, they will try to upsell you to a paid option – this is generally a range of packages available for a monthly fee. For example, $25 might get you a listing with a logo and a website link, whereas $50 might guarantee you an entry in the top half of their search results page.

A free, basic listing can be useful just for the sake of another return link to your website, but it’s difficult to justify paying for an entry unless it’s a niche directory that is still much used by people searching in that niche. This is true for some trade directories that list, for example, architects or plumbers.

If your entry in a business directory is to your profile on the directory then this is unlikely to help your position in the main search engines as only the secondary link is to your website.

A paid listing will give you more visibility on the directory but probably be no better for the main search engines.

Maybe you know good reasons why business directory listings are worth paying for?


Stay Safe on Western Union

Western Union is a money transfer system. It is very much favoured by online fraudsters because once you have made a payment through Western Union the money is untraceable and there is no way you can get it back.

Western Union recognise this problem but there’s little they can do as the whole process is designed to allow for easy money transfer as if paying cash. Untraceable.

Western Union do publish guidance on how to avoid scams and stay safe.

They publish a list of Money Transfer Never-Evers as they call them.

These are:-

  • Never send money to people you haven’t met in person.
  • Never send money to pay for taxes or fees on lottery or prize winnings.
  • Never use a test question as an additional security measure to protect your transaction.
  • Never provide your banking information to people or businesses you don’t know.
  • Never send money in advance to obtain a loan or credit card.
  • Never send money for an emergency situation without verifying that it’s a real emergency.
  • Never send funds from a cheque in your account until it officially clears—which can take weeks.
  • Never send a money transfer to an individual for online purchases.

If you follow those rules then you will be a lot safer using money transactions with Western Union.

There are countless other money transfer businesses of course including TransferWise, Currencies Direct, OFX and Moneygram.


Maintain Online Privacy

One of the wonderful things about the Internet is the capacity to share information quickly and with a lot of people.

Conversely, one of the big problems with the Internet is people with malicious intent obtaining your confidential information: everyone from the ‘Big Brother’ of Facebook, Google and others watching everything we do to scammers trying to steal from us.

Here are some actions you can consider to protect your online security:

  1. Have up to date anti-virus and anti-malware on all of your computer devices
  2. Don’t give out information that you don’t want scammers to have, unless you are sure of the person or website you are giving it to.
  3. Be careful – if something looks too good to be true then it’s likely to be a scam
  4. Never click on a link or open an attachment unless you are sure it is safe
  5. Avoid public Wi-Fi if you intend to access online banking or anything else that needs to be secure.

Website Browsing

There are a number of things you can do to make your website browsing more private and safer.

  • Use the privacy/incognito mode
  • Block web activity trackers
  • Block ads
  • Use encrypted messengers
  • Get a VPN
  • Avoid non-https:// websites for input of confidential information
  • Clear your cookies regularly
  • Use secure/encrypted email providers

The guide at https://thebestvpn.com/online-privacy-guide/ contains a lot more information on what you can do to maintain your online privacy.

Are Online Directories Still Useful

In the early days of the World Wide Web, a lot of people were setting up websites, but for people trying to use the web the problem was how to find what they were looking for. The idea of online directories made sense as online versions of paper directories, which had been useful for a long time.

Online directories appeared by the hundred and served their purpose until the search engines became effective enough to replace them as the best way to find websites, topics, phrases, names etc. on the Internet.

Online directories can still serve a purpose as part of an online marketing strategy. For example, they are handy for businesses that do not have a website. This at least makes the business name, address and contact details findable on the Internet.

The Big Two Directories

There are two online directories that are still highly regarded by the search engines. These are the Open Directory Project (DMOZ) and the Yahoo directory. Publishing in either of these is difficult as a free entry may not be reviewed for months and even then there is no guarantee of inclusion. There is the option to pay for a review but again that does not guarantee inclusion in the directory.

Niche Directories

Having an entry in a niche directory can be useful and can get traffic to your website. These directories target a specific industry or interest etc. If your website falls into such a specific niche, then consider an entry.

This can have a positive effect on your website ranking if the directory is well respected. Trade Association directories are the main niche directories.

Free or Paid Listings?

Most directories offer free listings with the option to pay to get a better listing such as with more photos, more prominence in searches etc.

But, it is difficult to justify spending a lot of money on an enhanced listing when the money could be spent on direct online advertising instead with Google, Bing, Facebook and others.
