Brian Krebs has written a new post warning about the dangers of fake order confirmation e-mails. Two of the screenshots in the post show examples of fake order confirmation e-mails from Home Depot and Walmart, respectively. I don’t know with absolute certainty the dates the e-mails in these screenshots were sent, but because both e-mails mentioned Thanksgiving and have a copyright date of (or ending in) 2014, they are likely to be recent.
Nevertheless, Krebs is correct in referring to this type of e-mail as a “perennial scourge.” A quick Google search reveals similar scams going back as far as 2004, though the DSLReports scam does not seem to explicitly mention the holidays. Here’s another example from 2012 that probably linked to a phishing website. Here’s a third example
Continue reading: Protecting Yourself Against Fake Order Confirmation E-mails
McAfee has released a list of 12 holiday scams. Here are some thoughts I had on the items in the list:
1. Clicking any links in e-mails and using them to give personal information are generally bad ideas, and shipping notification e-mails are no exception. If you placed an order, they already have all the information they need to ship you the item, so why would they need to ask you for it again?
2. This tip isn’t very specific, but it brings to mind shady sites that steal your credit card information instead of actually shipping you items. It may help to look up stores at the BBB. For example, if you type www.newegg.com into the search box, you will see that the store has an A+ rating, and then you can see why the store received that rating if you’re interested.
3. It’s important to always
Continue reading: My Thoughts On McAfee’s 12 Scams of The Holidays
Due to a cyberattack on JPMorgan Chase, the personal information of 76 million households has been stolen. According to the bank itself, names, addresses, phone numbers, and e-mail addresses were compromised, but there is no evidence that account numbers, passwords, user IDs, dates of birth or Social Security numbers were compromised.
Even if your password was stolen, the damage done with that password will likely be limited to what anyone with access to only the bank’s services and information can do as long as
Continue reading: Personal Information from 76 Million Households Stolen
Google has revealed the identity of a Gmail user suspected of sending explicit pictures of a child, leading to his arrest.
In this case, a predator may have been caught, but the incident also indicates that your e-mail is not as private as you might like it to be. Google recently failed to win dismissal of a potential class action lawsuit alleging that it wiretaps Gmail.
As Google itself has said, “a person has no legitimate expectation of privacy in information he voluntarily turns over to third parties”. These words serve as a sobering reminder that whenever you place any kind of information into the hands of Gmail, webmail providers in general, or any third-party service, even for completely legal purposes, you can expect that the information may be seen by humans other than your intended recipient (or at least scanning bots). This includes apps such as Snapchat, which, as I wrote in an earlier post, Bruce Schneier does not think we can rely on to protect our privacy.
According to threat intelligence firm CrowdStrike, Chinese cyber spies have been targeting think tanks, ostensibly to obtain information on the potential disruption of Chinese oil interests in Iraq. Spear-phishing is the act of sending an e-mail tailored to a specific individual to fraudulently induce them to give away personal information such as their e-mail password (as opposed to e-mails sent out en masse to many different individuals, which is simply “phishing”). It is hardly a new tactic, nor is the Chinese government the only group that has been accused of using it. In February 2014, the Syrian Electronic Army hacked into Forbes using the same tactic. In many cases, the true perpetrator of an attack is unclear, especially when Internet traffic is routed through the accused country.
I’m going to leave the finger-pointing to governments and the private firms that investigate such attacks. I will instead focus on how you can protect yourself against such attacks. While
Continue reading: How to Protect Yourself Against Spear-Phishing