
Phishing Tackle Website

Phishing Tackle at https://www.phishingtackle.com/ offer a range of online courses to help keep businesses safe from phishing scams. In these scams, scammers send out messages (usually by email, but also by text and phone call) claiming to be from a trusted organisation, e.g. HMRC, the local council, Marks and Spencer, NatWest Bank, the police and so on. They are after your personal information, especially login and password information and financial details.

Over 90% of data breaches are caused by an end-user clicking on a phishing email and Phishing Tackle say they reduce the risk of people clicking on phishing emails.

Phishing Tackle’s automated online security awareness training, simulated phishing and policy management platform reduces the risk of end-users clicking on phishing emails by over 90% – that’s the claim.

Website resources include:-

  • A click-prone test
  • Domain spoof test
  • Phishing quiz

And lots of information on various types of online scams.

Free Phishing Awareness & Training is available to not-for-profits in some cases.

They also offer a managed service to protect businesses.

The website is a good resource for those looking to protect their business from phishing scams.

If you have any experiences with phishing scams do let me know, by email.

Fightback Ninja Signature

 

Cold Caller Number Lookup

It is estimated that each day, twelve million people in the UK receive one or more cold calls.

Have you received a scam call or an annoying cold call and wished you could register their phone number online to warn others about them?

Or do you want to know if a caller is a scammer or cold caller?

Go to www.badnumbers.co.uk to check their number or register the caller’s number as ‘bad’.

Bad Numbers is a reverse telephone number lookup website and has collected over 20,000 ‘bad’ telephone numbers so far.

The website is very simple – you just type in a number and see if it is already registered. If not and you want to register it then you type in why and that’s about it.

Do leave a comment on this post – click on the post title then scroll down to leave your comment.


How Hackers Take Email Addresses From Websites

To build up lists of email addresses that can be sold to spammers and scammers, hackers run software that scans websites and looks for email addresses.

This is called email harvesting and is done on a huge scale.

The hackers typically scan websites, mailing lists, internet forums, social media platforms and anywhere else they can find email addresses online.

The characteristic format for an email address is name@domain.com so it is simple for email harvesters to read web pages and look for the @ symbol as it seldom occurs anywhere on web pages except in an email address.

The harvesters can also check for unusual variations on that theme e.g. User[at]domain.com or User[AT]domain[DOT]com

In web pages, an email link is generally of the format ‘mailto:user@domain.com’ so these can easily be spotted and added to their list by the harvesters.

Many web developers try to stop this by disguising email links, for example by displaying the email address as a picture, so that the user must type the address into their email system, or by encoding some or all of the letters in the email address as HTML character codes.

e.g. “&#65;” is letter A, “&#66;” is letter B and so on.

The simplest approach is to use a contact form instead of an email address link. This works for one email address but is less applicable if you have lots of email address links on the same page.

There are many more ways to hide email address links from harvesters, but whatever you try – make sure not to have such addresses showing in clear text.
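An added example, not part of the original post: a Python sketch a site owner could run over their own page source to see which addresses are exposed in clear text, through the [at]/[dot] disguise, or only behind HTML character codes. The sample page, the example.org addresses and all function names are constructed for illustration.

```python
import html
import re

# Ordinary name@domain.com addresses.
PLAIN = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+")
# "user[at]domain[dot]com" style disguises described in the post.
AT = r"\s*[\[(]\s*at\s*[\])]\s*"
DOT = r"\s*(?:\.|[\[(]\s*dot\s*[\])])\s*"
DISGUISED = re.compile(
    r"[A-Za-z0-9._%+-]+" + AT + r"[A-Za-z0-9-]+(?:" + DOT + r"[A-Za-z0-9-]+)+",
    re.IGNORECASE,
)

def normalise(text):
    """Turn 'help[AT]example[DOT]org' into 'help@example.org'."""
    text = re.sub(AT, "@", text, flags=re.IGNORECASE)
    text = re.sub(r"\s*[\[(]\s*dot\s*[\])]\s*", ".", text, flags=re.IGNORECASE)
    return text.lower()

def entity_encode(address):
    """Encode every character as an HTML character code, e.g. A -> &#65;."""
    return "".join(f"&#{ord(c)};" for c in address)

def audit_page(page_source):
    """Return sorted (address, how_exposed) pairs found in the page source."""
    clear = {m.group(0).lower() for m in PLAIN.finditer(page_source)}
    findings = {(addr, "clear text") for addr in clear}
    # Character codes are undone by a single decoding step, so report them too.
    decoded = html.unescape(page_source)
    for m in PLAIN.finditer(decoded):
        if m.group(0).lower() not in clear:
            findings.add((m.group(0).lower(), "entity-encoded only"))
    for m in DISGUISED.finditer(decoded):
        findings.add((normalise(m.group(0)), "[at]/[dot] disguise"))
    return sorted(findings)

# Constructed sample page: one address per exposure type plus a contact form.
SAMPLE_PAGE = f"""
<p>Sales: <a href="mailto:sales@example.org">sales@example.org</a></p>
<p>Support: help[AT]example[DOT]org</p>
<p>Owner: {entity_encode("owner@example.org")}</p>
<p>Or use our <a href="/contact">contact form</a>.</p>
"""

if __name__ == "__main__":
    for address, exposure in audit_page(SAMPLE_PAGE):
        print(f"{address:22} {exposure}")
```

Any address the audit reports is one the disguise did not hide; the contact form link is the only entry in the sample page that produces no finding.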

Do enter your email address and click on the subscribe button on top right to keep up to date with new posts.


The Secure Padlock Myth

When browsing on the Internet, you will be familiar with the padlock symbol that appears just to the left of the internet address. Depending on your browser, the padlock symbol may be green.

That padlock means ‘secure’ and you should never input any confidential information on a website if there isn’t a padlock symbol showing.

However, this does not mean that the website is safe to use – only that a level of encryption is in use between the browser and the Internet address. This encryption is commonly called SSL (its modern form is TLS).

The little padlock does not mean that the website is safe as criminals can easily get SSL for their fake scam websites.

Google has plans to stop using the padlock symbol as the vast majority of websites now do use SSL security, so would have the padlock symbol.

If you want more details on a website’s security, you can click on the padlock symbol and it will tell you the organisation name for the encryption certificate. If it doesn’t match the domain name (i.e. the Internet address) then that is a red warning flag.


What is a Data Breach

A data breach is a computer security incident where confidential information is accessed by hackers deliberately or by interlopers accidentally. This can hurt businesses through loss of confidence by their customers and businesses can be fined if they have not taken due care of their customer data.

The largest examples of data breaches involve hundreds of millions of records of people’s data and sometimes this includes financial data or even passwords.

There is a website at https://haveibeenpwned.com/ which allows anyone to check if their data has been released in a data breach. This currently shows more than 9 billion accounts involved in data breaches – clearly some people’s accounts have been accessed repeatedly.

The average cost to a business of a data breach is in millions of dollars, although many are fairly small or even zero cost except for time wasted. That cost is made up of fines, restorative work needed on their systems, improvements to computer security, payment of damages to customers and loss of business.

Cybercrime is a profitable industry for attackers and continues to grow. Hackers look for information they can make use of – especially to sell to other criminals for identity fraud etc.

Most attacks that lead to data breaches take advantage of poorly built or maintained computer systems, or find people’s logins and passwords by simply guessing. Too many people still have obvious passwords or use words that are in the dictionary, and hackers can run programmes to try every word in the dictionary as a password.

Some data breaches are highly sophisticated attacks by teams of hackers but many could simply be avoided by businesses having decent computer protection and keeping up to date with system patches.

For businesses that fail in their care of customer data there can be significant fines and some never recover from the reputational damage.


What is Malware

“Malware” is any software that is created to cause destructive effects on a computer or system, steal information or cause loss of data against the user’s wishes.

This includes viruses, Trojans, spyware, and ransomware amongst others.

Malware is created by hackers and is usually intended to deliberately cause damage or to make money in some way. But it is also used by subversive governments for attacking other countries’ infrastructure and accessing secrets. Sometimes businesses use malware to spy on others.

There is a wide variety of malware, including:-

  • Viruses: These attach themselves to clean files and infect other clean files. They can spread uncontrollably, making computers unstable and unusable and sometimes deleting or corrupting files.
  • Trojans: This kind of malware is usually hidden in what appears to be legitimate software. Typically it creates a back door entry to a system for the hacker who created it.
  • Spyware: Used to spy on the opposition – whether that’s another country, person or organisation. This malware usually hides and operates in the background, periodically sending back data to its owner.
  • Worms: This type of software is designed to infect entire networks of devices, either locally in one data centre or across the internet, by using network interfaces. It uses each consecutively infected machine to infect others.
  • Ransomware: This kind of malware typically locks down your computer and your files, then threatens to erase everything unless you pay a ransom (usually in Bitcoin).

How to protect against malware

  • Install anti-virus and anti-malware software or service on all of your computing devices and networks. E.g. AVAST, McAfee, Malwarebytes etc.
  • Don’t give out lots of personal information on web sites, social media etc, and do not trust people you have never met unless you have checked on them.
  • Always virus scan anything you download and avoid torrents and similar.
  • Get an ad-blocker to stop unexpected adverts appearing that may contain malware or lead to a site containing malware.
