Category: Warning

PDFs Are Not Safe

We are all used to having to be careful opening certain emails, zipped files,  WORD, EXCEL and other types of files in case they contain some kind of malware – virus, ransomware, Trojan etc.

But most people feel safe opening PDF documents.

However, scammers are using PDFs more and more as attachments in email or malicious downloads on websites.

PDFs can contain javascript programming which can have malicious intent and they can contain links which of course could go to any website.

Microsoft Malware Protection Centre released a list of PDF filenames that are commonly used in malicious emails and websites. Scammers keep making new names of course.

  • pdf_new.pdf
  • audjehtg1.pdf
  • a10pokllt.pdf
  • pricelist.pdf
  • couple_lucky.pdf
  • 56119081.pdf
  • list.pdf
  • holidays.pdf

Q. How can you protect yourself against malicious content?

Most of the PDF exploits use Javascript so if you disable that then a large part of the problem is blocked.

However, common sense goes a long way in protecting you.

  1. Do not open an email or download anything that is sent to you by someone you don’t know
  2. Make sure your email settings are on high protection and your anti-virus and anti-malware programmes are working
  3. If there’s a file on email you really want to open but aren’t sure then save it and then scan it (usually you right mouse click and select scan – depending on which anti-malware solutions you use)

Of course, you should run regular scans of your computer to ensure no malware has been installed.

How to Turn Off Javascript in PDFs

If you use a programme other than ADOBE for opening PDFs then you’ll need to check how to disable Javascript. If you use ADOBE then see below:-

  1. Start Acrobat or ADOBE
  2. Select EDIT then PREFERENCES
  3. Select the Javascript category
  4. Uncheck the Enable Acrobat Javascript option
  5. Save and exit

If you’ve enjoyed this post or found it useful then do share – click on the post title then scroll down to the social media share buttons.

Fightback Ninja Signature

Gmail Phishing Scams

Scammers have long used Hotmail, Yahoo, Yandex email accounts and those of many other email providers. But seldom used Gmail as it is more difficult to create Gmail accounts.

However, people trust Gmail more so the scammers are now creating and using more Gmail accounts.

The Typical Scam

  1. You receive an email from someone you know and open it.
  2. It contains a message and an attached file. As you know the person who sent the message you open the attached file without thinking.
  3. When you click the attachment, you are redirected to what seems to be the Gmail sign-in page and you enter your login and password.
  4. The result is not what you expect. You have in fact given your login and password to a scammer on a fake webpage made to look like a Gmail login screen.
  5. The attachment that is sent isn’t actually an attachment; it is just an image of an attachment which links to a fake Gmail sign in page. When you enter your Gmail login details, it sends them to the scammer and she has instant access to your email account.
  6. As the scammers can access your account, they can send emails that appear to be from you and hence it’s easier for them to convince people who know you to pass on confidential information. And the cycle continues with more people being targeted.

The Dangers

There’s a lot a scammer can do with your email address as most websites use it as an ID. A scammer may try your login and password on numerous websites in the hope of gaining access in your name and hence be able to buy products and you get the bills etc.

Most websites have a ‘forgotten password’ feature so if the scammer uses that they can get the ‘reset password’ message and get hence change your password. Getting access to your own account then becomes seriously difficult.

How to av

oid the Gmail Phishing scam:

  • Stay cautious and if not sure of an email then do not open it or any attachment
  • Do not click on links in emails
  • Beware of messages claiming to be from friends but that seem odd
  • Beware of any messages claiming to be from Google about your account

Do you have an opinion on this matter? Please comment in the box below.

Fightback Ninja Signature

 

Do Not Unsubscribe

If you receive emails from a reputable business and want the emails to stop then usually the easy answer is just to click the unsubscribe button.

The problem is where you are dealing with emails from companies that you don’t know whether they are reputable or not and of course the vast majority of spam messages are from the disreputable sources.

For these, it’s usually a bad idea to click on the unsubscribe link – assuming there is one of course.

Why is that?

  1. By clicking, you are confirming that the email address is Live and hence it may be added to spam lists that sell at a higher price than spam lists of untested email address. These lists are sold to other scammers and spammers.
  2. Your click demonstrates an interest in the subject of the email. A sender that is not reputable will then double down and send you many more similar emails.
  3. The sender can glean quite a lot of information from your click, about your browser and operating system, IP address etc. and that can be used to target scams and attacks against you.
  4. The link you click may well be to a site that tries to download malware onto your device.

Think twice before clicking on an unsubscribe link.

If you have any experiences with these scams do let me know, by email.

 

Suckers List

A sucker list is a list of contact details for people suspected to be vulnerable to various types of scam and these lists are sold by scammers and hackers to other scammers.

The lists are usually made up of people who have replied to scam emails, texts or letters or they can be details of people who have fallen for a scam, as people who have been scammed before have a higher probability of falling for a subsequent scam.

Once your name is on a sucker list, you are likely to be inundated with scam emails, texts and letters.

Your details may end up on a suckers list simply because you made an online donation to charity or click a link in an email without checking what it was for or for downloading an APP from a site that isn’t Google or APPLE.

Some organisations sell their contact lists to others without properly checking that the buyer is trustworthy or maybe hackers get into business contact data and upload it to the dark web.

Can You Remove Your Name from Sucker Lists?

That isn’t possible,  as these people are criminals so any request to them to stop sending you messages just confirms that the email address is active and hence worth more than a dead email address.

But there are ways to limit these solicitations and stay off future lists.

The Data & Marketing Association (DMA) is an industry trade group that offers a service called DMAchoice that allows users to remove their names from the mailing lists maintained by those members. But that only works with reputable companies.

If you think your details are on suckers lists the only answer is to change your telephone number, logins and passwords etc. even this can be time consuming and inconvenient.

If you have any experiences with these scams do let me know, by email.

Fightback Ninja Signature

Email Address Scrapers

You may wonder how scammers and spammers get your email address.

They have a variety of means – from searching official records to scanning social media posts to simply making them up and then seeing if anyone responds to emails at those addresses.

One method commonly used is scanning websites looking for email addresses, making them into lists and selling them to other scammers and spammers.

One such set of tools are called Email Scrapers or Email Extractors.

A recent message from one operation selling this kind of software tells me:

  • Our software will enable you to scrape and extract business contact details into an EXCEL spreadsheet
  • It’s like having a thousand data entry clerks creating information for you
  • Cut your costs in these difficult times

It isn’t illegal to copy email addresses from  websites but it is illegal to send marketing messages to anyone who hasn’t given permission for that.

These services claim to capture only business email addresses but that’s a straightforward lie. The software finds any email address on the searched pages and does not care what is a business address and what isn’t

If you buy these spam lists from such operations, you will end up with a mix of business and personal email addresses plus fake email addresses and dead email addresses.

Plus, sending messages to those addresses is illegal.

Do not do it – it will simply make the recipients hate you for the spammer you are.

If you have any experiences with these scams do let me know, by email.

Fightback Ninja Signature

The Danger of Smart Doorbells

Smart doorbells are becoming a common sight on UK streets. These are doorbells that link into your house systems e.g. wi-fi. Commonly they have video cameras so you can use your smart phone to see who’s at the front door and even speak with them through the doorbell.

Which? Magazine tested 11 different doorbells found on eBay and Amazon, many of which were highly recommended, but all had security problems of some kind, including-

  • Some models send your wi-fi name and password to servers in China unencrypted, which means any hacker able to intercept this data could then access your home systems.
  • Some could be easily pried off your door and resold
  • Some had a standard easily guessable password
  • Some were vulnerable to common hacks such as KRACK
  • Most left any data transfer unencrypted
  • Some collected information they should not have access to e.g. your address

Tips on how to keep your smart doorbell secure:

  • Look at the brand. If you haven’t heard of the brand, or there’s no brand at all, then you should be cautious. Trying searching for the brand to see if they have website or are easily contactable. If you can’t then you should give device a wide berth.
  • Check product reviews and be aware that some companies stuff reviews with overly positive messages. Look for negative reviews and detailed reviews as these can be more instructive and if there aren’t any then be suspicious.
  • Change the password. Before adding the device to your wi-fi make sure to change the password to something unguessable.

If you have any experiences with these smart doorbells do let me know, by email.

Fightback Ninja Signature