The Secure Padlock Myth

When browsing on the Internet, you will be familiar with the padlock symbol that appears just to the left of the internet address. Depending on your browser, the padlock symbol may be green.

That padlock means ‘secure’ and you should never input any confidential information on a website if there isn’t a padlock symbol showing.

However, this does not mean that the website is safe to use – only that a level of encryption is in use between the browser and the Internet address. This encryption is called SSL.

The little padlock does not mean that the website is safe as criminals can easily get SSL for their fake scam websites.

Google has plans to stop using the padlock symbol as the vast majority of websites now do use SSL security, so would have the padlock symbol.

If you want more details on a website’s security, you can click on the padlock symbol and it will tell you the organisation name for the encryption certificate. If it doesn’t match the domain name (i.e. the Internet address) then that is a red warning flag.

Do enter your email address and click on the subscribe button on top right to keep up to date with new posts.

Fightback Ninja Signature

What is a Data Breach

A data breach is a computer security incident where confidential information is accessed by hackers deliberately or by interlopers accidentally. This can hurt businesses through loss of confidence by their customers and businesses can be fined if they have not taken due care of their customer data.

The largest examples of data breaches involve hundreds of millions of records of people’s data and sometimes this includes financial data or even passwords.

There is a website at https://haveibeenpwned.com/ which allows anyone to check if their data has been released in a data breach. This currently shows more than 9 billion accounts involved in data breaches – clearly some people’s accounts have been accessed repeatedly.

The average cost to a business of a data breach is in millions of dollars, although many are fairly small or even zero cost except for time wasted. That cost is made up of fines, restorative work needed on their systems, improvements to computer security, payment of damages to customers and loss of business.

Cybercrime is a profitable industry for attackers and continues to grow. Hackers look for information they can make use of – especially to sell to other criminals for identity fraud etc.

Most attacks that lead to data breaches take advantage of poorly built or maintained computer systems, or find people’s logins and passwords by simply guessing. Too many people still have obvious passwords or use words that are in the dictionary, and hackers can run programs to try every word in the dictionary as a password.

Some data breaches are highly sophisticated attacks by teams of hackers but many could simply be avoided by businesses having decent computer protection and keeping up to date with system patches.

For businesses that fail in their care of customer data there can be significant fines and some never recover from the reputational damage.


What is Malware

“Malware” is any software that is created to cause destructive effects on a computer or system, steal information or cause loss of data against the user’s wishes.

This includes viruses, Trojans, spyware, and ransomware amongst others.

Malware is created by hackers and is usually intended to deliberately cause damage or to make money in some way. But it is also used by subversive governments for attacking other countries’ infrastructure and accessing secrets. Sometimes businesses use malware to spy on others.

There is a wide variety of malware, including:-

  • Viruses: These attach themselves to clean files and infect other clean files. They can spread uncontrollably, making computers unstable and unusable and sometimes deleting or corrupting files.
  • Trojans: This kind of malware is usually hidden in what appears to be legitimate software. Typically it creates a back door entry to a system for the hacker who created it.
  • Spyware: Used to spy on the opposition – whether that’s another country, person or organisation. This malware usually hides and operates in the background, periodically sending back data to its owner.
  • Worms: This type of software is designed to infect entire networks of devices, either locally in one data centre or across the internet, by using network interfaces. It uses each consecutively infected machine to infect others.
  • Ransomware: This kind of malware typically locks down your computer and your files, then threatens to erase everything unless you pay a ransom (usually in Bitcoin).

How to protect against malware

  • Install anti-virus and anti-malware software or a service on all of your computing devices and networks, e.g. AVAST, McAfee, Malwarebytes etc.
  • Don’t give out lots of personal information on web sites, social media etc, and do not trust people you have never met unless you have checked on them.
  • Always virus scan anything you download and avoid torrents and similar.
  • Get an ad-blocker to stop unexpected adverts appearing that may contain malware or lead to a site containing malware.


What is Clickjacking

The term “clickjacking” is a portmanteau of the words “click” and “hijacking”.

Clickjacking is where you click on a link on a web page but you have unknowingly clicked on something hidden.

This is a way for scammers to get you to make purchases on Amazon or other retail sites without your knowledge, or to start videos, sign up for subscriptions etc.

This only happens on scammers’ websites, not on reputable business websites, but you can inadvertently end up on such a website by clicking a link in an email or on social media etc.

For example, you receive an email with a link to a video about a news item and you click it – expecting the news item to appear. However, it takes you to a page of news items and you click one but have in fact unknowingly clicked on a link to buy an expensive item on Amazon. The item selected is sold by the scammer and will be removed from Amazon before you can claim a refund.

That Amazon link was transparent and over the top of the link you actually intended to click.

This scam using Amazon relies on you having one-click purchasing turned on and that you are logged in.

Scammers also use this technique to get clicks on a video that they get paid for, or likes on a social media site that they get rewarded for, etc.

The technique used in this scam is sometimes called User Interface Redressing, which is a wider term than clickjacking and also includes browserless clickjacking, Likejacking and more.
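The transparent overlay described above only works if the genuine page can be loaded inside a frame on another site. For website owners, this added example (not part of the original post) reads a response's headers and reports whether the standard X-Frame-Options or Content-Security-Policy frame-ancestors restrictions are in place; the function names and sample header sets are constructed for illustration.

```javascript
// Added example: decide whether response headers stop other sites framing a page.

// Pull the frame-ancestors source list out of a Content-Security-Policy value.
function frameAncestors(csp) {
  for (const directive of csp.split(';')) {
    const [name, ...sources] = directive.trim().split(/\s+/);
    if (name.toLowerCase() === 'frame-ancestors') return sources.map(s => s.toLowerCase());
  }
  return null; // directive not present in this policy
}

// headers: plain object of response headers. Returns { protected, reason }.
function framingProtection(headers) {
  const h = {};
  for (const [k, v] of Object.entries(headers)) h[k.toLowerCase()] = String(v);

  const csp = h['content-security-policy'];
  const sources = csp ? frameAncestors(csp) : null;
  if (sources !== null) {
    // When frame-ancestors is present, browsers enforce it instead of X-Frame-Options.
    if (sources.length === 1 && sources[0] === "'none'")
      return { protected: true, reason: 'frame-ancestors none' };
    if (sources.some(s => s === '*' || s === 'http:' || s === 'https:'))
      return { protected: false, reason: 'frame-ancestors allows any origin' };
    return { protected: true, reason: 'frame-ancestors restricted to listed origins' };
  }

  const xfo = (h['x-frame-options'] || '').trim().toUpperCase();
  if (xfo === 'DENY' || xfo === 'SAMEORIGIN')
    return { protected: true, reason: 'X-Frame-Options ' + xfo };
  if (xfo) return { protected: false, reason: 'X-Frame-Options value is not DENY or SAMEORIGIN' };
  return { protected: false, reason: 'no framing restriction sent' };
}

// Constructed sample responses (not taken from any real site).
const samples = {
  checkout: { 'Content-Security-Policy': "default-src 'self'; frame-ancestors 'none'" },
  account: { 'X-Frame-Options': 'SAMEORIGIN' },
  legacy: { 'X-Frame-Options': 'ALLOW-FROM https://partner.example' },
  landing: { 'Content-Type': 'text/html' },
};
for (const [page, headers] of Object.entries(samples)) {
  const r = framingProtection(headers);
  console.log(page, r.protected ? 'protected' : 'FRAMEABLE', '-', r.reason);
}
```
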


What to Do When Your Website is Copied

As many of us know, it can be a long tough job to build a website with great content that attracts customers and serves their needs, but it is an essential part of most businesses nowadays.

Unfortunately, there are many out there who may decide to use that success to their advantage by simply copying graphics, contents, ideas from your website or even just duplicating your website and putting their name on it.

What Can You Do?

If your site suffers from copying, the first step is to collect evidence – take screenshots of your site and the copy, then try to contact the owner of the copycat site.

If the copying is not too serious, then maybe a warning will lead to removal of the problem content.

But in some cases, the copying is part of a very deliberate plan to defraud people and you may get the blame from scammed customers.

Steps to Take

  1. Use the WHOIS lookup service at whois.com to find out who registered the site’s domain name.

The information will include a contact email address.

In some cases, the owner will have kept their contact details anonymous.

  2. Contact the Internet Company Hosting the Web Site.

You can contact the server host and request the page or site be taken down, but you will need evidence of course.

  3. Search Engines

If you are ignored by the site owner, then you can proceed to submitting a request to Google and Bing to have the site removed from their listings.

  4. DMCA Takedown

In the case that you need the site to be taken down entirely, you can request a DMCA Takedown which costs $199 per site, but can be worth it.

  5. Seek Legal Advice.

If you do not succeed, then it’s time to get legal advice and go after the owner of the website for damages.

This can be time consuming and expensive so it depends on the level of damage the copycat web site is causing to your business / reputation.

If you have any experiences with this issue of websites being copied, do let me know by email.

Child Abuse Protection Online

Facebook, Twitter, Microsoft, Google and other tech companies agreed to British government demands that they do more to keep young people safe on their online services.

This is a set of voluntary guidelines created by the UK, the U.S., Australia, Canada and New Zealand and it includes measures to stop new and existing child abuse photos and films appearing online.

The guidance also specifies that the companies must prevent streaming of such material, work with the police to identify offenders and further develop their technology to stay ahead of offenders’ behaviour online.

The countries have been clear that if the voluntary guidelines do not work then legislation will follow.

This is a big step forward – shame it has taken the tech companies so long to reach this point.
