Trusteer Rapport

Trusteer Rapport is a free security tool that’s often promoted by banks for online banking.

It’s advertised as an additional layer of security over and above anti-virus software. It is designed to protect confidential data, such as account credentials, from being stolen by malicious software (malware) or by phishing.

The software includes anti-phishing measures to protect against misdirection and attempts to prevent malicious screen scraping; it attempts to protect users against the attacks known as:- man-in-the-browser, man-in-the-middle, session hijacking and screen capturing.

Trusteer Rapport is installed as a browser extension.

This all sounds very good, but there are reviews on the Internet suggesting that Trusteer can cause computers to run very slowly, cause conflicts with your already installed anti-virus software and cause browser crashes.

Various financial institutions have been distributing the software to their customers via internet banking services.

This has included:- Bank of America, Société Générale, Tangerine, INGDirect, HSBC, The Royal Bank of Scotland, CIBC, Ulster Bank, First Direct, Santander, Standard Bank of South Africa, Nedbank, Scotiabank and more.

It is usually good advice to follow your bank's recommendations, but do be careful if you install Trusteer and report any problems immediately to your bank.

Fightback Ninja Signature


The New Breed of Computer Takeover Compensation Scam

A computer takeover scam has been doing the rounds for years now, where a scammer will call, claiming to be from Microsoft or Virgin or BT or a similarly well-known company, saying that your computer has been hit with a virus and that they can remove it for you remotely. When you let them take over your computer, they then try to take as much personal information as possible (logins, passwords, card payment details etc.) in order to steal your identity or steal from your accounts.

However, according to Financial Fraud Action (FFA) UK, scammers are branching out by impersonating other firms or organisations, and offering to help with a slow computer or internet connection, or even claiming your information has been hacked and you are due compensation.

The Scam

Once the victim has handed over remote control of their computer, the fraudster will tell the victim that they may be entitled to compensation, or put them through to a supervisor who will appear to make an offer of compensation.

The scammer will say that they are sending the money and ask the victim to log into their bank account to check that it has arrived.

But the fraudsters will put up a fake screen to make it appear that the money has arrived. Meanwhile they will be working away in the background to empty your bank account.

They may ask for a bank passcode to be sent by text, which they will claim is necessary in order to process the refund. In reality, they need this to set themselves up as a new payee from your bank account and take your money.

How to Protect Yourself

The FFA recommends following these steps to ensure you aren’t duped by this version of the scam:

  • be wary of any unsolicited approaches by phone offering compensation
  • do not let someone you do not know have access to your computer, especially remotely
  • do not log onto your bank account while someone else has control of your computer
  • do not share one-time passcodes or card reader codes with anyone
  • do not share your PIN or online banking password, even by tapping them into a telephone keypad.

If you are in doubt, then call the organisation back on a number you trust; if they are legitimate they will help.

Do enter your email address and click on the subscribe button on top right to keep up to date with new posts.


The eBAY Community


This is a website at https://community.ebay.co.uk/

“Welcome to the eBay Community … your community. It’s a meeting-point for eBay buyers and sellers to chat, ask questions, exchange advice and tips.”

“It is a discussion group for eBAY sellers and buyers to share useful information, ask each other questions, warn about scammers etc. and generally give feedback on anything eBAY that they wish to share.”

The site has:-

  • Answer Centre
  • Discussion Boards
  • Groups
  • Meet the Community Team
  • Community Content Policy
  • Board Usage Policy
  • eBay News
  • Safety Center
  • Feedback Forum
  • Buying Guides

The answer centre is filled with questions about everything to do with eBAY – and answers.

A check showed the most recent questions are to do with:- can I block a specific address, refunds, Seller not replying about item guarantee, profile image, VARIATIONS BUTTON MISSING, Relisting fees, item becomes faulty, Location etc.

The eBAY café is a group for people who want to chat about anything vaguely connected to eBAY such as how to look after plants they bought on eBAY.

The eBAY community website is well used so it can be a useful resource for some who would rather deal with human beings than eBAY automated answers.


WordPress Owners Survey

Dan Moen carried out a survey in 2016 of people who have WordPress websites that have been attacked, seeking to understand why and how the attacks were being made.  1,032 people responded to the survey.

The most telling statistic is that 61% of respondents didn’t know how the attacker compromised their website.

This is of concern as if you don’t know how the attack was made it is difficult to be sure you have blocked a repeat.

For the site owners who did figure out how the attackers entered, there are two main findings:-

  1. Plugins Are A Big Risk

Plugins play a big part in making WordPress very popular and very useful and there are tens of thousands of plugins available for WordPress. But you obviously need to be careful with them, as plugin vulnerabilities represented 56% of the known entry points reported by respondents.

  2. Brute Force Attacks Are A Big Problem

A brute force attack is a password guessing attack. The attacker needs to both identify a valid username on your website and then guess the password for that username. This type of attack is a huge problem, representing 16% of known entry points.

How to Protect Your WordPress Site

  1. Don’t Use Obvious Usernames

Every WordPress site has an administrator login, and this should be renamed, as "administrator" or "admin" are too easy to guess and are the most used in brute force attacks.

Make the login something impossible to guess and not used elsewhere on the site.

  2. Add Security Plugins

e.g. Wordfence, Jetpack etc. which typically use these kinds of features:-

  • Enforce strong passwords
  • Lock users out after a defined number of login failures
  • Lock out users after a number of forgot password attempts
  • Lock out invalid usernames

  3. Keep Plugins updated

Reputable plugin creators fix any vulnerabilities quickly when discovered. By keeping them up to date you ensure that you benefit from fixes before attackers can exploit them. Check for updates at least weekly if your WordPress website does not do this automatically.

  4. Only download plugins from reputable sites

If you are going to download plugins somewhere other than the official WordPress repository, you need to make sure the website is reputable. One of the easiest ways for attackers to compromise your website is to trick you into loading malware yourself. An attacker will do this by setting up a website that looks legitimate and getting you to download a compromised plugin.

Keep your WordPress website safe.

If your website has been attacked – let me know the details and the outcome by email.
