Tag Archives: Caution

What? Phishing?


Phishing attacks are more rampant than ever before, rising by more than 162% over 4 years.
The cost worldwide is $4.5 billion every year, and over half of internet users get at least one phishing E-mail per day.
The best defense against phishing attacks is to block malicious E-mails before they reach you, using the DMARC
(Domain-based Message Authentication, Reporting and Conformance) standard.
Also users (business etc.) that offer E-mail data revealing attacks beyond DMARC (e.g., attacks that fake a brand using domains outside of the brand’s control).
Unfortunately, some phishing E-mails will always make it to the inbox.
And those messages are extremely effective: 97% of people cannot identify a sophisticated phishing E-mail.
That’s where this article comes in.

How to identify a phishing or spoofing E-mail. Share this freely with your friends and co-workers etc (maybe the boss will reward you ;P ).

Don’t trust the displayed name
A very common tactic among thieves is to spoof (fake) the display name of an E-mail.
An analysis of more than 760,000 E-mail threats targeting 40 of the world’s largest brands found that nearly half of all E-mail threats spoofed the brand in the display name.
Here’s how it works: This asshole phisher wanted to spoof the brand “Bank Of America,” so the E-mail looked like this:

Below is an actual phish email I received.
Notice it’s not from bankofamerica.com but from “urgentaile.com”.
See the general non-personal greeting, then the spelling and grammar. LMAO Nice try moron!
(I forwarded it to abuse@bankofamerica.com so they can deal with the lame ass phisher.)

Since Bank Of America doesn’t own the domain “Urgentaile.com,” DMARC will not block this E-mail on Bank Of America’s behalf, even if Bank Of America has set their DMARC policy for bankofamerica.com to reject messages that fail to authenticate. This fraudulent E-mail, once delivered, appears legitimate because most user inboxes only show the display name. Don’t trust the display name. Check the E-mail address in the header from; if it looks suspicious, DO NOT open the E-mail.
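The display-name check described above can be automated. This is an added example, not code from the original post: the brand list, the local parts of the sample addresses and the function names are assumptions made for illustration, and only bankofamerica.com and urgentaile.com come from the article.

```python
from email.utils import parseaddr

# Constructed allow-list: brand name -> domains the brand really controls.
# bankofamerica.com comes from the article; extend it for your own brands.
BRAND_DOMAINS = {"bank of america": {"bankofamerica.com"}}


def domain_of(address):
    """Return the lower-cased domain of an address, or '' if there is none."""
    return address.rpartition("@")[2].lower().rstrip(".") if "@" in address else ""


def owned_by(domain, allowed):
    """True only for an allowed domain or a real subdomain of one."""
    return any(domain == d or domain.endswith("." + d) for d in allowed)


def check_from(from_header):
    """Compare the brand claimed in the display name with the real sender domain."""
    display, address = parseaddr(from_header)
    domain = domain_of(address)
    claimed = " ".join(display.lower().split())
    for brand, allowed in BRAND_DOMAINS.items():
        # Match the brand in the display name even when the spaces are dropped.
        if brand in claimed or brand.replace(" ", "") in claimed.replace(" ", ""):
            if not owned_by(domain, allowed):
                return f"SUSPICIOUS: display name claims '{brand}' but sender domain is '{domain}'"
            return f"ok: '{brand}' sent from '{domain}'"
    return f"no known brand in display name (sender domain '{domain}')"


# Constructed From headers modelled on the message described above.
SAMPLES = [
    '"Bank Of America" <alerts@urgentaile.com>',
    'Bank Of America <service@mail.bankofamerica.com>',
    '"BankOfAmerica Support" <info@bankofamerica.com.urgentaile.com>',
    'Some Newsletter <news@example.org>',
]

if __name__ == "__main__":
    for header in SAMPLES:
        print(f"{header!r:70} -> {check_from(header)}")
```

The third sample shows why the comparison is on the end of the domain: a brand name at the start of a longer host name still belongs to whoever owns the last part.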

Look but don’t click

Hover your mouse over any links embedded in the body of the E-mail. If the link address looks weird, DO NOT click on it.
If you want to test the link, open a new window and type in the website address directly rather than clicking on the link from unsolicited E-mails.

Check for spelling mistakes

Brands are pretty serious about E-mail. Legitimate messages usually do not have major spelling mistakes or poor grammar. Read your E-mails carefully and report anything that seems suspicious.

Beware the greeting
Is the E-mail addressed to a vague “Valued Customer” or “Your Account”? If so, be careful: legitimate businesses will mostly use a personal greeting with your first and last name.

DO NOT give up personal information
Legitimate banks and most other companies will never ask for personal credentials via E-mail. DO NOT EVER give them.

Beware of urgent or threatening language in the subject line
Invoking a sense of urgency or fear is a common phishing tactic. Beware of subject lines that claim your “Account Has Been Suspended” or “Unauthorized Login Attempt.”

Review the signature
Lack of details about the signer or how you can contact a company strongly suggests a phishing E-mail. Legitimate businesses ALWAYS provide contact details.

DO NOT click on attachments
Malicious attachments that contain viruses and malware are a common phishing tactic. Malware can damage files on your computer, steal your passwords or spy on you without your knowledge. DO NOT open any E-mail attachments you weren’t expecting.

DO NOT trust the header from E-mail address
Phishers not only spoof brands in the display name, but also spoof brands in the header from E-mail address.
Return Path found that nearly 30% of more than 760,000 E-mail threats spoofed brands somewhere in the header from E-mail address with more than two thirds spoofing the brand in the E-mail domain alone.

DO NOT believe what you see
Phishers are extremely good at what they do. Just because an E-mail has convincing brand logos, language, and a seemingly valid E-mail address, does not mean that it’s legitimate.
Be skeptical when it comes to your E-mail messages; if one looks even remotely suspicious, DO NOT open it.
Now for the what can you do part!

How and where to report phishing emails and texts.
Forward phishing emails to spam@uce.gov and also to the organization impersonated in the email. Your report is more effective when you include the full email header, but most email programs hide this information. To include it, or to copy and paste the raw message into the forward, you can go to Options, then General Preferences, scroll down to Messages, and select “Show All Headers”, or right-click on the message title and select “View raw message”. These are two common methods. Find out how your email server does it if neither of these applies.
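Once you have the raw message, a few header fields show who really sent it. This added example (not part of the original post) reads them from a constructed header modelled on the spam sample in this post; the From address `offers@cagcom.com`, the `bh=` value and the function names are assumptions.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed headers modelled on the spam header in this post. The From
# address is an assumption (the post's copy lost it).
RAW = """\
Received-SPF: pass (domain of cagcom.com designates sender as permitted)
Authentication-Results: mta1312.mail.gq1.yahoo.com from=cagcom.com; dkim=pass (ok)
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; s=dkim; d=cagcom.com;
 bh=CONSTRUCTEDSAMPLE=;
Return-Path: bounce@cagcom.com
From: "Proactiv+" <offers@cagcom.com>
Reply-To: explore@cagcom.com
Subject: Enjoy 90 Days of Proactiv+ & FREE Shipping!

(body omitted)
"""


def domain(value):
    """Lower-cased domain of the address in a header value, or ''."""
    address = parseaddr(value or "")[1]
    return address.rpartition("@")[2].lower() if "@" in address else ""


def tags(value):
    """Split a 'k=v; k=v' header (DKIM-Signature style) into a dict."""
    pairs = (t.strip().split("=", 1) for t in (value or "").split(";"))
    return {p[0].strip(): p[1].strip() for p in pairs if len(p) == 2}


def summarize(raw):
    """Pull out the header fields that show who really sent a message."""
    msg = message_from_string(raw)
    info = {
        "display_name": parseaddr(msg.get("From", ""))[0],
        "from_domain": domain(msg.get("From")),
        "return_path_domain": domain(msg.get("Return-Path")),
        "reply_to_domain": domain(msg.get("Reply-To")),
        "spf": (msg.get("Received-SPF") or "none").split()[0].lower(),
        "dkim": (tags(msg.get("Authentication-Results")).get("dkim") or "none").split()[0],
        "dkim_domain": tags(msg.get("DKIM-Signature")).get("d", "").lower(),
    }
    # A pass vouches only for the signing domain, never for the display name.
    info["dkim_matches_from"] = bool(info["dkim_domain"]) and info["dkim_domain"] == info["from_domain"]
    return info


if __name__ == "__main__":
    print(summarize(RAW))
```

Every field here resolves to cagcom.com, which tells an abuse desk who sent the mail; nothing in the header verifies the “Proactiv+” display name.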
This is what the header of a typical spam titled “Enjoy 90 Days of Proactiv+ & FREE Shipping!” looks like.

X-Apparently-To: me@yahoo.com; Wed, 19 Jun 2017 00:13:12 +0000
Received-SPF: pass (domain of cagcom.com designates as permitted sender)
X-YMailISG: slxzLYUWLDvxrlNh9bEjUJwuD87aCVjWz1UgEy5wKJemEjhS
X-Originating-IP: []
Authentication-Results: mta1312.mail.gq1.yahoo.com  from=cagcom.com; domainkeys=pass (ok);
from=cagcom.com; dkim=pass (ok)
Received: from  (EHLO updates-182-229.cagcom.com) (
  by mta1312.mail.gq1.yahoo.com with SMTP; Wed, 19 Jul 2017 00:13:12 +0000
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; s=dkim; d=cagcom.com;
 bh=tc92wij1mQSFhJrbEe/J9S3rwmU= ;
DomainKey-Signature: a=rsa-sha1; c=nofws; q=dns; s=dkim; d=cagcom.com;
   jVXhN8RJVyH9kZzUxE0= ;
Date: Tue, 18 Jun 2017 23:42:46 +0000
Return-Path: bounce@cagcom.com
To: me@yahoo.com
From: Proactiv+ 
Reply-To: explore@cagcom.com
Subject: Enjoy 90 Days of Proactiv+ & FREE Shipping!
MIME-Version: 1.0
Content-Type: multipart/alternative;
Content-Length: 1329

Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable

Enjoy 90 Days of Proactiv+ & FREE Shipping!

Content-Type: text/html; charset=UTF-8
Content-Transfer-Encoding: quoted-printable

<!DOCTYPE html>
<?xml encoding=3D"UTF-8"><!html><!head><!/head><!body>
<div style=3D"text-align: center;">
<div style=3D"border: 0px solid #eee; width: 600px; height: 881px; max-heig=ht: 803px; min-height: 803; margin: auto; overflow: hidden;"><img src=3D"ht=tp://cagcom.com/uploaded_images/1/1_face.jpg" usemap=3D"#face"><map name=3D="face"><area target=3D"" alt=3D"" title=3D"" href=3D"http://amaog.com/?nc2u==3DbtJ%2flSnfWXQNT379mLX6BT4tUhOhPMOu&s1=3D" coords=3D"7,3,574,664" sha=pe=3D"rect"><area target=3D"" alt=3D"" title=3D"" href=3D"http://amaog.com/=?nc2u=3DbtJ%2flSnfWXQNT379mLX6BT4tUhOhPMOu&s1=3D" coords=3D"323,704,462= ,728" shape=3D"rect">3D""</map><center>
<blockquote>Safe to view your Message.</blockquote>
<div style=3D"display: inline-block;"></div>


File a report with the U.S. Federal Trade Commission at FTC.gov/complaint.
Visit Identitytheft.gov. Victims of phishing could become victims of identity theft; there are steps you can take to minimize your risk.

You can also report phishing email to reportphishing@apwg.org. The Anti-Phishing Working Group includes ISPs, security vendors, financial institutions and law enforcement agencies, which report here to fight phishing.

Hope this helps keep some of you safe!

Published: July 2, 2017

Maine’s Fiercest Critter

Fiercest Critter

The first place I got to call home on this mortal coil; named earth, was
Australia, a land filled with some of the scariest
creatures anyone wants to meet, from big hairy spiders to bears that drop
from gum trees…

Before coming to Maine I was warned about the critters here that gave me
cause for concern, namely mountain lions, big bears
and these super sized ferrets called fisher cats, nothing could prepare me
for the scariest animal of all…

and she was to be one of my new roommates.

My eyes met hers across the room, and she was not happy to see me, she growled
and hissed, showing me her large sharp teeth.
At first I wasn’t scared, I’ve always got along with these types of creatures,
so I wasn’t worried; but she had other plans.
I tried being nice, sneaking her treats (which she took happily) but the
minute I thought I was getting somewhere… “HISSS”
UGH… I was doomed.

I thought I had my chance to prove myself a useful advisery when she got
herself trapped on top of a high shelf one night,
I grabbed a chair and made my way to the base and climbed up, thinking
I was going to make her day by saving her from
the heights she had found herself at.

NOPE! I put myself a little too close and “POW” I was forever scarred, she
got me, blood everywhere (well, not
really, but to me it was a lot) she, being still atop of her tower, gave me
a smug look and proceeded to jump down and walked
off with a “haha” swagger.  

I was wondering to myself how could this gorgeous wee fluffy critter be so
fierce, and then I had an epiphany, I would ignore her,
pay her no attention at all, except for the treat sneaking of course, and
lo and behold after a month of doing this she couldn’t
help herself and came to me, but still I ignored her (which made her really
want my attention). So I gave her wee bits of affection
from patting to ear rubbing, and pow! She and I became friends! But wait…

Did I mention that she is bi-polar?…

Just when I thought she was happy to see me, “SWAT”! UGH!

So we have kind of developed a thing of mutual respect, and now when our
other wee (not so wee, will talk about him next) is hanging
out downstairs she will sleep on my hip in bed, growling at anything that
comes near me.

So to introduce this fiercesome creature, her name is Bella, and she is a
cat, a Maine Coon (she was the tiny of the litter, so she’s
a beautiful wee thing) and I love her to bits (and sometimes my pieces when
she is in that mood!)

Angel ❤

Published: February 26, 2017

Passwords: Oh My head!


Back in the day I used to be a so-called “Hacker”. I so take great offense to the word. Hackers create and do the so-called impossible, and basically created all your devices at hand! Whereas a “Cracker” destroys and steals etc. etc. The “Cracker” is the one that steals granny’s social security checks and your identity online! Not the “Hacker”. Got it? Good. Ok, I’m over that now, let’s continue.

Most people don’t put a lot of thought into their password. It’s usually easiest just to toss up a short, easy-to-remember one, or even just to use the same password for every account. After all, the average person probably won’t be able to guess your password.

However, Crackers often use password-cracking software that can keep testing different passwords until they find the correct one, and they can easily crack weak passwords. By creating strong passwords, you can greatly reduce the chance that your personal or financial information will be stolen. Notice it’s called a password-CRACKER; point made, huh? lol.

Stupid mistakes

Many people make passwords based on their spouse’s names, a hobby, or a simple pattern because these types of passwords are easy to remember. Unfortunately, they are also easy for crackers to guess. To create a strong password, you will need to avoid these types of common mistakes.

No birthdays, or pet, wife, hubby, bf, gf, kids etc. names. I can spend ten minutes on most FB pages and guess your password quickly. Because you POSTED IT! “Oh dear” Did I scare you? GOOD! Anything that is part of your life in this way should not be part of any password anywhere! Ok, that’s clear, let’s move on again.

Check out these examples of stupid passwords!

  • 123456 (seriously?)
  • abc123 (just send them your money)
  • ilove (bf or gf name etc UGH!)
  • 06271965 (birthday Um real smooth.)
  • gopats! (you’re into sports huh?)
  • qwerty (OMG! Your keyboard broke?)

More, you say? Here’s the most common doah’s, see if you’re on the list! Check out:
The worst passwords in the world!

OK, making strong passwords. Here’s a list to remember.

    • Never use personal information such as your name, birthday, or spouse’s name. Personal information is often publicly available, which makes it easier for someone to guess your password.
    • Use a longer password. Your password should be at least six characters long, and for extra security it should ideally be at least 12 characters if the site allows it.
    • If you need to write down your passwords, keep them in a secure place. It’s even better if you encrypt your passwords, or write down hints for them that others won’t be able to understand.
    • Don’t use the same password for each account. If someone discovers your password for one account, all of your other accounts will be vulnerable.
    • Try to include numbers, symbols, and both uppercase and lowercase letters if the site allows it.
    • Avoid using words that can be found in the dictionary. For example, swimming1 would be a weak password.

You can test your current password here for a rough idea.

Or click the link and use the more advanced version below that includes a password generator too!

  • Random passwords are the strongest. Use Our Password Generator instead of trying to think of your own.
  • Random passwords are more difficult to remember, so create a mnemonic device. For example, J=jNp2# can be remembered as Jelly = jam NOT preserves 2 #. This may still seem random, but with a bit of practice it becomes relatively easy to memorize. You can also choose a sentence you know you’ll remember and then use the first letter of each word in the sentence, plus a few symbols or numbers, as your password.
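The rules in the list above and the advice to prefer random passwords can be put into a short checker and generator. This is an added example, not the code behind the password tester or generator linked from this post; the word list, the symbol set and the function names are assumptions.

```python
import secrets
import string

# Constructed sample data: a tiny word list standing in for a real dictionary
# of common words and patterns. Real checks would use a much larger list.
COMMON_WORDS = {"swimming", "password", "qwerty", "abc", "ilove", "gopats"}
SYMBOLS = "!#$%&*+-=?@^_"


def weaknesses(password, personal=()):
    """Return the list of rules from the article that the password breaks."""
    found = []
    lowered = password.lower()
    if len(password) < 12:
        found.append("shorter than 12 characters")
    classes = [string.ascii_lowercase, string.ascii_uppercase, string.digits, SYMBOLS]
    if sum(any(c in cls for c in password) for cls in classes) < 4:
        found.append("missing a character class")
    if any(word in lowered for word in COMMON_WORDS):
        found.append("contains a dictionary word or keyboard pattern")
    if password.isdigit():
        found.append("digits only (looks like a date or a count)")
    if any(fact.lower() in lowered for fact in personal if fact):
        found.append("contains personal information")
    return found


def generate(length=16):
    """Draw a random password from the OS CSPRNG until it passes every rule."""
    alphabet = string.ascii_letters + string.digits + SYMBOLS
    while True:
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if not weaknesses(candidate):
            return candidate


if __name__ == "__main__":
    # The weak examples listed earlier in this post.
    for pw in ["123456", "abc123", "06271965", "gopats!", "qwerty", "swimming1"]:
        print(f"{pw:12} {weaknesses(pw, personal=['06271965'])}")
    print(generate(), "-> no weaknesses found")
```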

Password managers

Instead of writing your passwords on paper where others can easily see them, you can use a password manager to encrypt and store them online. Some password managers can also generate random passwords, making your information even more secure. Examples of password managers include LastPass, KeePass (My Choice), Firefox’s password manager, and Google Chrome’s password manager.

For example, when using LastPass, you will first need to install the LastPass browser plugin. Whenever you type a password on a website, the browser plugin will ask you whether you want to save it. The next time you go to the website, LastPass can automatically enter the password for you. If someone else wants to use your computer, you can simply log out of LastPass to prevent the other person from accessing your information.


Published: February 24, 2017