Malware tricks and tips to safeguard your email accounts

20 June 2014

For those of you unfamiliar with some of the tactics designed to compromise you, a little clarification.
(and we have not even touched on digital messaging yet)
USB Sticks in a mac - always scan them 
Emails sent from supposedly legitimate, trustworthy sources, complete with branding, entreating you to sign in via a link to a rogue lookalike website which then records  key information such as usernames, passwords, and credit card details that you input.

Examples of this include all of the online banks, Facebook, Twitter, LinkedIn, online gaming sites and Amazon. A lot of the time you will not know you are on the wrong site and the information will not be utilised by the perpetrators until much later.
Question: Do you use the same username and password when you login to different accounts ?
Drive by Download:
You visit a site and it automatically downloads some software onto your pc without even a click.Typically the software is tiny and in itself harmless, but what it then does is call down more small bits, each of which remains anonymous if scanned by your antivirus system.
It's when all the little bits get together to form a big bit, then you may be in trouble.
Automated mail scripts:
An automatic script that runs through tens of thousands of password permutations attempting to login into your account (s)
Apparently a lot of people use “123456”
If your password is easy, your account is vulnerable to scripts designed to scramble through thousands of password permutations. If your password is identified, your email accounts can be hijacked (Tips to avoid being hacked) to send spam and malware and your privacy is obsolete.
Make sure your password is difficult and a combination of letters, numbers and symbols at least 8 characters long with no reference to words found in the dictionary.  
Some basic rules and a few observations to keep you safe.
  1. Attachments - If you are not 100% sure who it is from, don't open it.
  2.  Be wary of familiar Fully branded emails enticing you to login to an established account. Malicious emails often have completely genuine links interspersed with fraudulent ones.
  3. If you think an email entreating you to login is suspect, delete it and if you must log in to your Facebook / LinkedIn / Candy Crush Saga account, first close down and re-open your browser and type in the url directly rather than using a link.
  4. If you must use USB Memory sticks, scan them first. Most if not all public companies forbid the use of memory sticks.
  5. Keep your web browser and any supporting software (such as Adobe Acrobat, Flash and Java) up-to-date and patched.
  6. Avoid using the same password at multiple sites.
  7. If you frequent dodgy websites, presume the worst.
  8. Keep your antivirus and internet protection updated and schedule full (time consuming) scans at least once a week.
  9. Support for windows xp ended in MAY 2014 and that includes providing security patching.


Post a comment

Recent Blogs