Home

Tag Archives: Caution

What? Phishing?

Phishing

Phishing attacks are more rampant than ever before, rising by more than 162% + over 4 years.
The cost worldwide is $4.5 billion every year and over half of internet users get one phishing E-mail per day minimum.
The best defense against phishing attacks is to block malicious E-mails before they reach you is using DMARC
(Domain-based Message Authentication Reporting and Conformance) standard.
Also users (business etc.) that offer E-mail data revealing attacks beyond DMARC (e.g., attacks that fake a brand using domains outside of the brand’s control).
Unfortunately, some phishing E-mails will always make it to the inbox.
And those messages are extremely effective 97% of people cannot
identify a sophisticated phishing E-mail.
That’s where this article comes in.

How to identify a phishing or spoofing E-mail. Share this freely with your friends and co-workers etc (maybe the boss will reward you ;P ).

Don’t trust the displayed name
A very common tactic among thives is to spoof (fake) the display name of an E-mail.
More than 760,000 E-mail threats targeting 40 of the world’s largest brands and found that nearly half of all E-mail threats spoofed the brand in the display name.
Here’s how it works: This asshole phisher wanted to spoof the brand “Bank Of America,” so the E-mail looked like this:

Below is a actual phish email I received.
Notice it’s not from bankofamerica.com but from “urgentaile.com”.
See the general non-personal greeting, then the spelling and grammar. LMAO Nice try moron!
(I forwarded it to abuse@bankofamerica.com so they can deal with the lame ass phisher.)



Since Bank Of America doesn’t own the domain “Urgentaile.com,” DMARC will not block this E-mail on Bank Of America’s behalf, even if Bank Of America has set their DMARC policy for bankofamerica.com to reject messages that fail to authenticate. This fraudulent E-mail, once delivered, appears legitimate because most user inboxes only show the display name. Don’t trust the display name. Check the E-mail address in the header from if looks suspicious, DO NOT open the E-mail.

Look but don’t click

Hover your mouse over any links embedded in the body of the E-mail. If the link address looks weird, DO NOT click on it.
If you want to test the link, open a new window and type in website address directly ratherthan clicking on the link from unsolicited E-mails.

Check for spelling mistakes

Brands are pretty serious about E-mail. Legitimate messages usually do not have major spelling mistakes or poor grammar. Read your E-mails carefully and report anything that seems suspicious.

Beware the greeting
Is the E-mail addressed to a vague “Valued Customer?” or “Your Account” If so, be careful legitimate businesses will mostly use a personal greeting with your first and last name.

DO NOT give up personal information
Legitimate banks and most other companies will never ask for personal credentials via E-mail. DO NOT EVER give them.

Beware of urgent or threatening language in the subject line
Invoking a sense of urgency or fear is a common phishing tactic. Beware of subject lines that claim your “Account Has Been Suspended” or “Unauthorized Login Attempt.”

Review the signature
Lack of details about the signer or how you can contact a company strongly suggests a phishing E-mail. Legitimate businesses ALWAYS provide contact details.

DO NOT click on attachments
Malicious attachments contain viruses and malware are a common phishing tactic. Malware can damage files on your computer, steal your passwords or spy on you without your knowledge. DO NOT open any E-mail attachments you weren’t expecting.

DO NOT trust the header from E-mail address
Phishers not only spoof brands in the display name, but also spoof brands in the header from E-mail address.
Return Path found that nearly 30% of more than 760,000 E-mail threats spoofed brands somewhere in the header from E-mail address with more than two thirds spoofing the brand in the E-mail domain alone.

DO NOT believe what you see
Phishers are extremely good at what they do. Just because an E-mail has convincing brand logos, language, and a seemingly valid E-mail address, does not mean that it’s legitimate.
Be skeptical when it comes to your E-mail messages if it looks even remotely suspicious, DO NOT open it.
Now for the what can you do part!

How and where to report phishing emails and texts.
Forward phishing emails to spam@uce.gov also to the organization impersonated in the email. Your report is more effective when you include the full email header, but most email programs hide this information. To include or possibly copy and paste the raw message in the forward. You can Go to Options, then General Preferences, scroll down to Messages, and select “Show All Headers” or right click on message title and select “View raw message”. These are two common methods. Find out your email servers if neither of these apply.
This is what typical spam titled “Enjoy 90 Days of Proactiv+ & FREE Shipping!” header looks like.

X-Apparently-To: me@yahoo.com; Wed, 19 Jun 2017 00:13:12 +0000
Return-Path: 
X-YahooFilteredBulk: 131.127.182.229
Received-SPF: pass (domain of cagcom.com designates 131.127.182.229 as permitted sender)
X-YMailISG: slxzLYUWLDvxrlNh9bEjUJwuD87aCVjWz1UgEy5wKJemEjhS
 rrS4TfHEPRuF2SiYg6vbTWHrswN8GxHCdahXfiCA.9LBmBVB21knvyz0EBr3
 uPkVrull45KLxUEgMVwxV8zhB0pp72L0A93UqVNiQiiv7dA7ApHqukdpOqE3
 gSaLA3gprbBAdMdb2ZI7aP662JyrxZ39Y5RSxzE9C1JYCwvNOTCry0XW6aA3
 m8rWhFpt0Fb7gz8hDjr4MuIO66LZkAtPCa2y2vDnwaYJRj_bD6qRq0bAXySi
 v9jY2MNn1VV3TNiFMLPwvI8_6F.L_cG1.2W.9iAaX.zxtzLEsky8AqF3BIxF
 777p32ABSLRZxypU.LcMtY717qSg_xRZYKve0c.Y7gAS1f7GR64AHIFMEbcU
 p_7JHr8ChMea7Mt5kRHBDg2c0NFeOzlxYyKRqsGkHl5xP3is2Rxcw.p6vKQm
 O7GgW_zHVAsEVpqfLKp4uId.diam6DOHGsrpMB6C87S0q_ehngqRxCOr9H8E
 GxIMrEG6qMqi730.45nzB07oZHfOf5t1LxCGPf39xmAS.gkoAEQt8o8X.PYi
 Z4ytyu_95pRhTlufY_p870mbQ3SjQVM2LQaTDLlArQBJlgPjnnxJ69vNviQv
 WxsutXjlEBK9Z6lI4S8kzWF1B5dJ3wFymtY0238wJ4RrLrFQ.iFVV6TS08KK
 0tzq.deKpleMVsBQBsLWRcrZNbSM_Yv2kmYNyeCscvS6CFPb27ZgE6IX7bXv
 lVMsgeKCiQ5MstM2gK7LPGru_vaqTqIF6P_DFNAaHX4I7hg4EyagzLMGCl4z
 rBIYQdOxvg4qpmK8zrbKokOTwSe6NlU76QOqcSWC8gVwzaElDKev5qMa2Ydf
 DCa9Qead0lqvpkMsZUDEVqUXrsyIpiEd8F.rM25o7r7xfBPEEpB7lySG_2ik
 bqJPHU_uB5HFe5DhA5a4QGv5A4ev4BmOjB7R00iEYXLhwfM87jmyiyEaHhkL
 4iHvDBJEwhcfa18jyQJ.gS9HhLBp7zgmMlgUnFFyG93sXCtuE5LujUuay_lg
 dwvS_.LRXC5ublnRDWjROf4ID.GEk5AOBcpFRIof4R8LfgIDYYwqefTClQCu
 bHeRxJbPwxzsmzGg7iU..rcNJT3.AIE0RZtfk33cQBWYWnQbiaUUFqDrylsJ
 0IP0VWGvg0bmmmJhx4I28DNjxsghSkF3eoeiJdxXbNARwAFHCaox2zTV940Z
 mm7kenEpz5LM1hDeFnXs8KYWqMv6TcbM8xqAv6tr9XOYj0JWai8fCOcKTWVs
 WPuth2Xg3UQ8gDaalXmOHQHxF5AlsQ--n
X-Originating-IP: [131.127.182.229]
Authentication-Results: mta1312.mail.gq1.yahoo.com  from=cagcom.com; domainkeys=pass (ok);
from=cagcom.com; dkim=pass (ok)
Received: from 127.0.0.1  (EHLO updates-182-229.cagcom.com) (131.127.182.229)
  by mta1312.mail.gq1.yahoo.com with SMTP; Wed, 19 Jul 2017 00:13:12 +0000
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; s=dkim; d=cagcom.com;
 h=Date:To:From:Reply-To:Subject:Message-ID:MIME-Version:Content-Type; 
i=explore@cagcom.com;
 bh=tc92wij1mQSFhJrbEe/J9S3rwmU= ;
 b=GsU1Q7nHDXDUCeJcv0tHOMKT6ieBGgyY2qCPFBG4ZjLURCE9xXS2d9GX8dRi3JIBBHllfAa19vSl
   s9U0SPGwGasVY9a/CvbEKHLOejEjL0T6m2aZ5u5XYTs0nQo04xRkgi+xvoXIYI3G3DpTyKQNe+hT
   zuvQuZOzTrL4hjYvLf8=
DomainKey-Signature: a=rsa-sha1; c=nofws; q=dns; s=dkim; d=cagcom.com;
 b=gU9LGbqx1dAc/MEz0gdd4u5kOjjzj//kFSIOertAiDD7VCvQn3dlfzK5ZPCNj+ulIgsXx34q7437
   MQHdveHJWij0R3pX3KpCOwwBKEemxO7TwtRkkxJj4phJoczjlrA06BcSgqB2rectvzm1X+U0ULjh
   jVXhN8RJVyH9kZzUxE0= ;
Date: Tue, 18 Jun 2017 23:42:46 +0000
Return-Path: bounce@cagcom.com
To: me@yahoo.com
From: Proactiv+ 
Reply-To: explore@cagcom.com
Subject: Enjoy 90 Days of Proactiv+ & FREE Shipping!
Message-ID: 
MIME-Version: 1.0
Content-Type: multipart/alternative;
	boundary="b1_cd5cb8765bbd53816f1497f44d793a66"
Content-Length: 1329

--b1_cd5cb8765bbd53816f1497f44d793a66
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable

Enjoy 90 Days of Proactiv+ & FREE Shipping!

--b1_cd5cb8765bbd53816f1497f44d793a66
Content-Type: text/html; charset=UTF-8
Content-Transfer-Encoding: quoted-printable

<!DOCTYPE html>
<?xml encoding=3D"UTF-8"><!html><!head><!/head><!body>
<center>
<div style=3D"text-align: center;">
<div style=3D"border: 0px solid #eee; width: 600px; height: 881px; max-heig=ht: 803px; min-height: 803; margin: auto; overflow: hidden;"><img src=3D"ht=tp://cagcom.com/uploaded_images/1/1_face.jpg" usemap=3D"#face"><map name=3D="face"><area target=3D"" alt=3D"" title=3D"" href=3D"http://amaog.com/?nc2u==3DbtJ%2flSnfWXQNT379mLX6BT4tUhOhPMOu&s1=3D" coords=3D"7,3,574,664" sha=pe=3D"rect"><area target=3D"" alt=3D"" title=3D"" href=3D"http://amaog.com/=?nc2u=3DbtJ%2flSnfWXQNT379mLX6BT4tUhOhPMOu&s1=3D" coords=3D"323,704,462= ,728" shape=3D"rect">3D""</map><center>
<blockquote>Safe to view your Message.</blockquote>
</center>
<div style=3D"display: inline-block;"></div>
</div>
</div>
</center>
</body></html>

--b1_cd5cb8765bbd53816f1497f44d793a66--

 
File a report with the U.S. Federal Trade Commission at FTC.gov/complaint.
Visit Identitytheft.gov. Victims of phishing could become victims of identity theft; there are steps you can take to minimize your risk.

You can also report phishing email to reportphishing@apwg.org. The Anti-Phishing Working Group, which includes ISPs, security vendors, financial institutions and law enforcement agencies, which report here to fight phishing.

Hope this helps keep some of you safe!
mongo

Published: July 2, 2017

Maine’s Fiercest Critter

Fiercest Critter

The first place I got to call home on this mortal coil; named earth, was
Australia, a land filled with some of the scariest
creatures anyone wants to meet, from big hairy spiders to bears that drop
from gum trees…

Before coming to Maine I was warned about the critters here that gave me
cause for concern, namely mountain lions, big bears
and these super sized ferrets called fisher cats, nothing could prepare me
for the scariest animal of all…

and she was to be one of my new room mates.

My eyes met hers across the room, and she was not happy to see me, she growled
and hissed, showing me her large sharp teeth.
At first I wasnt scared, ive always got along with these types of creatures,
so i wasnt worried; but she had others plans.
I tried being nice, sneaking her treats (which she took happily) but the
minute i thought i was getting somewhere… “HISSS”
UGH… I was doomed.

I thought i had my chance to prove myself a useful advisery when she got
herself trapped on top of a high shelf one night,
i grabbed a chair and made my way to to the base and climbed up, thinking
i was going to make her day by saving her from
the heights she had found herself at.

NOPE! I put myself a little too close and “POW” I was forever scarred, she
got me, blood everywhere (well, not
really, but to me it was alot) she, being still atop of her tower, gave me
a smug look and proceeded to jump down and walked
off with a “haha” swagger.  

I was wondering to myself how could this gorgeous wee fluffy critter be so
fierce, and then i had an epiphany, I would ignore her,
pay her no attention at all, excpet for the treat sneaking of course, and
low and behold after a month of doing this she coudnt
help herself and came to me, but still I ignored her (which made her really
want my attention). So I gave her wee bits of affection
from patting to ear rubbing, and pow! She and I became friends! But wait…

Did I mention that she is bi-polar?…


Just when I thought she was happy to see me, “SWAT”! UGH!

So we have kind of developed a thing of mutual respect, and now when our
other wee (not so wee, will talk about him next) is hanging
out downstairs she will sleep on my hip in bed, growling at anything that
comes near me.

So to introduce this fiercesome creature, her name is Bella, and she is a
cat, a Maine Coon (she was the tiny of the litter, so shes
a beautiful wee thing) and I love her to bits (and sometimes my pieces when
she is in that mood!)

Angel ❤

Published: February 26, 2017

Passwords: Oh My head!

OhMyHead

Back in the day I used to be a so called “Hacker” i so take great offense to the word. Hacker’s create and do the so called impossible basically created all your devices at hand!, Where a “Cracker” destroys and steals etc etc.. The “Cracker” is the one that steals grannys social security checks and your identity Online! Not the “Hacker”. Got it? Good. Ok i’m over that now let’s continue.

Most people don’t put a lot of thought into their password. It’s usually easiest just to toss up a short, easy-to-remember one, or even just to use the same password for every account. After all, the average person probably won’t be able to guess your password.

However, Crackers often use password-cracking software that can keep testing different passwords until they find the correct one, and they can easily crack weak passwords. By creating strong passwords, you can greatly reduce the chance that your personal or financial information will be stolen. Notice it’s called password-CRACKER point made huh lol.

Stupid mistakes

Many people make passwords based on their spouse’s names, a hobby, or a simple pattern because these types of passwords are easy to remember. Unfortunately, they are also easy for crackers to guess. To create a strong password, you will need to avoid these types of common mistakes.

No birthdays.pet,wife,hubby,bf.gf,kids etc name. I can spend ten minutes on most FB pages and guess your password quickly. Because you POSTED IT! “Oh dear” Did i scare you? GOOD! Anything that is part of your life in this way should not be part of any password anywhere!. Ok thats clear let’s move on again..

Check out these examples of stupid passwords!.

  • 123456 (seriously?)
  • abc123 (just send them your money)
  • ilove (bf or gf name etc UGH!)
  • 06271965 (birthday Um real smooth.)
  • gopats! (your into sports huh?)
  • qwerty (OMG! Your keyboard broke?.)

More you says heres the most common doah’s, see if your on the list! check out:
The worst passwords in the world!.

OK making strong passwords. Heres a remeber list.

    • Never use personal information such as your name, birthday, or spouse’s name. Personal information is often publicly available, which makes it easier for someone to guess your password.
    • Use a longer password. Your password should be at least six characters long, and for extra security it should ideally be at least 12 characters if the site allows it.
    • If you need to write down your passwords, keep them in a secure place. It’s even better if you encrypt your passwords, or write down hints for them that others won’t be able to understand.
    • Don’t use the same password for each account. If someone discovers your password for one account, all of your other accounts will be vulnerable.
    • Try to include numbers, symbols, and both uppercase and lowercase letters if the site allows it.
    • Avoid using words that can be found in the dictionary. For example, swimming1 would be a weak password.

You can test you current password here for a rough idea.

Or click the link and use the more advanced version below that includes a password generator too!

  • Random passwords are the strongest. Use Our Password Generator instead of trying to think of your own.
  • Random passwords are more difficult to remember, so create a mnemonic device. For example, J=jNp2# can be remembered as Jelly = jam NOT preserves 2 #. This may still seem random, but with a bit of practice it becomes relatively easy to memorize. You can also choose a sentence you know you’ll remember and then use the first letter of each word in the sentence, plus a few symbols or numbers, as your password.

Password managers

Instead of writing your passwords on paper where others can easily see them, you can use a password manager to encrypt and store them online. Some password managers can also generate random passwords, making your information even more secure. Examples of password managers include LastPass, KeePass (My Choice), Firefox’s password manager, and Google Chrome’s password manager.

For example, when using LastPass, you will first need to install the LastPass browser plugin. Whenever you type a password on a website, the browser plugin will ask you whether you want to save it. The next time you go to the website, LastPass can automatically enter the password for you. If someone else wants to use your computer, you can simply log out of LastPass to prevent the other person from accessing your information.

mongo

Published: February 24, 2017