Wednesday, December 10, 2014

Holiday spam

This is a message I received today from "Target". I use quotes because this is obviously spam.

Why, you say? Well, beyond the fact that Google categorized it as such, I want to point out a few things about this specific message that can help you identify a suspicious message.

1. The "from" address is clearly not from "". You should always be suspicious of an address with a Domain that does not match the sender. This is your first -- but not only -- indicator of the validity of this message.

2. Delivery date doesn't match the message. Now, I received this message in mid-December, but it talks about Thanksgiving soon approaching. Certainly, a company like Target wouldn't make such an erroneous mistake. Big companies have entire groups of marketing professionals to ensure goof-ups like this won't happen.

3. Funky logo in the message. If you are familiar with Target, you'll know that the logo above is not what Target uses. This is a clear warning sign of a suspicious message.

4. Hyperlink does not go to "". This is the very best evidence that this e-mail is malicious. I've highlighted the actual link at the bottom of the picture above. Because the link doesn't take you to "", you should be extremely cautious about clicking on it. In this specific message, the link redirects to a Web site that downloads a virus to your computer, then redirects to the actual Target site. The objective is to fool you and to infect your PC so it can be used to attack others.

For even more advice and tips, review this good document (PDF) from the U.S. Government's Computer Emergency Response Team (CERT). 

Thursday, December 4, 2014

How not to get hacked

The article "How not to get hacked" appears in entirety on CNN Money. I've recreated it in bullet form and added some embellishments.

This article is a good reminder of the basic security protections you need to have in place, especially as we begin the holiday shopping season. OK, you probably already started... So review these tips!

  • Don't be stupid. Avoid bad links, don't visit questionable Web sites, don't fall for phishing scams, and don't download from unknown sources.
  • Use different/smarter passwords (help with that?).
  • Be careful what you store.
  • Use protection, including antivirus software, secure connections (HTTPS), and two-factor authentication (2FA) where possible.
  • Keep your software updated.

These tips are not a 100 percent complete list of everything you need to do, but it gets most of them right.