Wednesday, December 10, 2014

Holiday spam

This is a message I received today from "Target". I use quotes because this is obviously spam.

Why, you say? Well, beyond the fact that Google categorized it as such, I want to point out a few things about this specific message that can help you identify a suspicious message.


1. The "from" address is clearly not from "target.com". You should always be suspicious of an address with a Domain that does not match the sender. This is your first -- but not only -- indicator of the validity of this message.

2. Delivery date doesn't match the message. Now, I received this message in mid-December, but it talks about Thanksgiving soon approaching. Certainly, a company like Target wouldn't make such an erroneous mistake. Big companies have entire groups of marketing professionals to ensure goof-ups like this won't happen.

3. Funky logo in the message. If you are familiar with Target, you'll know that the logo above is not what Target uses. This is a clear warning sign of a suspicious message.

4. Hyperlink does not go to "target.com". This is the very best evidence that this e-mail is malicious. I've highlighted the actual link at the bottom of the picture above. Because the link doesn't take you to "target.com", you should be extremely cautious about clicking on it. In this specific message, the link redirects to a Web site that downloads a virus to your computer, then redirects to the actual Target site. The objective is to fool you and to infect your PC so it can be used to attack others.

For even more advice and tips, review this good document (PDF) from the U.S. Government's Computer Emergency Response Team (CERT). 

Thursday, December 4, 2014

How not to get hacked

The article "How not to get hacked" appears in entirety on CNN Money. I've recreated it in bullet form and added some embellishments.

This article is a good reminder of the basic security protections you need to have in place, especially as we begin the holiday shopping season. OK, you probably already started... So review these tips!

  • Don't be stupid. Avoid bad links, don't visit questionable Web sites, don't fall for phishing scams, and don't download from unknown sources.
  • Use different/smarter passwords (help with that?).
  • Be careful what you store.
  • Use protection, including antivirus software, secure connections (HTTPS), and two-factor authentication (2FA) where possible.
  • Keep your software updated.

These tips are not a 100 percent complete list of everything you need to do, but it gets most of them right.

Friday, November 21, 2014

Recent retail data breaches may be related

I love reading Brian Krebs' articles; he's a very informative investigator. A recent blog article entitled "Link Found in Staples, Michael's Breaches" shares some very interesting news about recent breaches at Michael's (April 2014) and Staples (October 2014).

In both cases, malicious software was installed on cash registers and similar point of sale computer systems, which was then used to exfiltrate customers' credit card data. In the case of Michael's, the breach persisted over many months.

What Krebs has shared is that for both these incidents, the malware was identifed as communicating to the same command-and-control infrastructure - meaning, the same party is likely responsible.

The prediction by many security professionals is that we'll see more breaches as we get into the Black Friday/holiday shopping season. There are lots of great tips on how to avoid fraud this time of year; here is some great advice from IBM1:

"As the end of the year approaches, so do two of the largest holiday seasons in the United States - Thanksgiving and Christmas. The Friday after Thanksgiving has traditionally been one of the largest sales days for retailers. Many retailers offer huge discounts for shoppers on this day. This year, many stores are offering similar discounts far in advance of "Black Friday", as it is commonly known. Criminals are well aware of the extra retailer advertising and seek to exploit shoppers seeking lower pricing. This could be through phishing emails offering "deals too good to be true", misleading advertising, or fake charities. Infected point of sale devices is also becoming more prevalent, ever since Target's breach last season. We advise our readers to use extra caution this holiday season and "think before you click". A malicious URL could lead to malware. A fake website could be a ploy to steal money you intended for a legitimate charity. While the customer does not have the means of detecting an infected POS device, they can monitor their banking and credit / debit card statements for malicious activity."
At this time of year, it is good advice. You may also want to read up on how to protect yourself when using public WiFi.

1 Disclaimer: I am employed by IBM but the views and opinions shared here are my own. 

Saturday, October 11, 2014

Back from a hiatus

Well, I'm back to blogging after some time away. I have stopped and started blogging several times, and thus some of my older musings are now lost (no biggie). But it turns out I do have things to say and they require more than 140 characters. So, I'll give it another go here.

Thanks for sticking with me, friendly reader...