Wednesday, November 23, 2016

Watch out: ɢoogle.com isn’t the same as Google.com

It isn't unusual for bad guys to buy fake domain names that resemble real ones. Often they use simple character substitution.

For example, in h0medep0t.com, you'll notice there is a zero (0) where there should be a letter O. Although this example looks pretty obvious, often we don't take time to scrutinize what's in the address bar of the web browser.

Or, we jump to the link without looking closer, such as in an email or a text message where the real URL doesn't match up with the link displayed. In most email programs, like Microsoft Outlook, you can hover over the displayed link with your mouse cursor to see the actual web location that the link redirects you to—the URL—but this feature isn't available in all operating systems or in all email clients. You won't necessarily have this ability on your smart phone or web email client, for example.

This is why I don't click links sent to me—even from people I know—without scrutinizing them first. Here is a PCWorld article with more information about validating links: http://www.pcworld.com/article/248963/how_to_tell_if_a_link_is_safe_without_clicking_on_it.html.

Here is more about the Google scam. Scammers use a domain name that looks like Google.com but isn't: ɢoogle.com. Look at the "G." It isn't a standard letter that you'd type on a keyboard. It is actually a symbol, which uses a different character set. International (or extended) characters like this one are rendered on your computer screen by typing a specific combination of keys and numbers on a standard keyboard.

For more info, do a web search on the phrase "character set."

Here is the full article about the bad ɢoogle.com:
http://www.analyticsedge.com/2016/11/heres-a-secret-%C9%A2oogle-com-is-not-google-com/.

Saturday, November 19, 2016

Beware fake phone calls from "customer service"

It cannot be said enough: hang up on callers whom you do not know, especially if they are trying to elicit any information from you. Better yet, if you don't recognize the phone number of the caller, don't pick up. Scam artists are less likely to try again if you're not answering.

Protect yourself and your employer by taking advantage of Caller ID service on your phone. Personally, if a call comes in to my cell phone from an unknown number, I let it go to voice mail.

It seems there is a new phone scam every day. Reported by Trustwave this week is a ruse that targets hotel and restaurant chains. This scam is perpetrated by a known cyber criminal gang that employs very convincing social engineering techniques like name-dropping and familiarity with other "insider" knowledge about your org chart.

When the caller reaches the hotel or restaurant's customer service line by phone, he/she claims to be a client who cannot log in to the reservations system. The caller may claim to know your boss or C-level executive.

Remember that this type of information about your company is available on the web to anyone. It takes little effort to mine LinkedIn profiles and gather intelligence about your organization's personnel structure.

An email is sent to the customer service rep with a malicious Microsoft Word document attached. When clicked, malware is executed behind the scenes that provides access to the company's credit card database and other sensitive information.

Click here for the story: This malware attack starts with a fake customer service call. When in doubt, just hang up!

Sunday, November 6, 2016

Election scams - Don't fall for them

It is officially election week in the United States. This opens up lots of opportunities for social engineers and crooks to take advantage of voters. Emotions are high right now, making it tough for us to be at our best, but this is exactly the time to be vigilant.

Be on the lookout for online scams and, as a rule, just don't click. Phone scams abound too—just hang up.

For example, if you receive a message inviting you to vote by texting, forget it. Delete the message. You can't sit in your living room and click a link to vote—at least, not this year. You also cannot vote by phone.

Stay on the lookout for last-minute "urgent" messages saying that your voter registration has expired or your polling station has moved. Ignore requests for last-minute donations to win the election in your party's favor.

Another good way to be duped is through fake email messages purporting to deliver the latest election results. Do not click links or attachments! If you want to know the latest, navigate to your favorite news site in your web browser, or turn on your TV. Don't ever expect emailed or texted links about news articles to be legitimate.

For more information, see the November 3 Huffington Post article: Watch out for these last-minute election scams.

Stop. Think. Do not click!