Binary Code
Computers and other electronic devices store information as Binary Code (which is a series of 1s and 0s that might look like this: 10101001 01101100 11001010).
Network Topology Map
A Network Topology Map is a diagram of a computer network's components, including network access points and connections between its various parts.
Fake Anti-Virus Software
Fake Anti-Virus Software - also known as 'scareware' - is designed to trick you into buying worthless anti-virus protection that you do not need.
Domain Name System
The Domain Name System (DNS) is like the ‘telephone book’ of the Web – it translates a website's name into its corresponding numerical IP address on the Internet.
Social Engineering
A Phishing e-mail is an attempt to trick the recipient into giving up information, such as account, credit card or password information.
Data Encryption
Data Encryption is the intentional scrambling of information into unreadable form - until it is later converted back into its original form by the intended recipient.
Botnet, or Compromised Computers
A Botnet is a collection of computers compromised by a malware attack that can be controlled remotely (via the Internet) to attack websites, send out spam emails, etc.
Distributed Denial of Service Attack
A Distributed Denial of Service (DDoS) Attack can use a botnet to force a website, network or other resource to shut down by overloading it with requests for data.
USB Flash Drive
A USB Flash Drive, aka a 'stick drive' or 'thumb drive' is a portable data storage device which connects to a computer's USB port to send and receive data.
Electronic vs. Static Media
Static Media is something like a book, magazine or printed photo, while Electronic or Digital Media (websites, digital photos, etc.) requires power to be viewed.
Administrative Access
A user with Administrative Rights has unrestricted power to create, modify or delete files, folders, settings and programs on a particular computer.
Computer Security Tip of the Week
Scott Aurnou – LinkedIn’s new ‘Intro’ app is cool… and dangerous. Learn more about it (and the security risks that come with it) here…
If you enjoyed this video, you can see more on TheSecurityAdvocate YouTube channel.
By Scott Aurnou
‘Phishing’ attacks are designed to steal your personal, financial and/or log in information. This can be done in a few ways, including via email or text message (referred to as ‘smishing’). They often contain links to websites that look legitimate but are really there to steal your account log in information or host malware ready to attack your computer as soon as you click on the link. These emails and messages can also be used to lure you into contact with scam artists posing as potential clients or officials offering to release substantial funds to you if only you would be so kind as to give them detailed personal information and/or a sum up front. Phishing attacks are generally designed to get you to take action by either frightening or tempting you. Some of them are actually very well crafted. Some not so much. And some border on the ridiculous. Here are a couple of examples, along with explanations of what to look out for to avoid falling victim to one of the scams.
This message purports to come from ‘Commonwealth Bank of Australia’ and reads:
This email notification is to confirm that your CommBank Internet Banking profile has been reset.
Email Address
Phone Number
You have received this message because you or someone other than you authorized this request online, by phone, or at a CBA Bank branch.
If this wasn’t you, please LOG ON immediately and verify your identity to prevent misuse of your account
https://www.my.commbank.com.au/netbank/Logon/Logon.aspx
Sincerely,
CommBank Customer Service Reference: SB141963321
DB05159C1A62995E0440021283BC08
Please do not reply to this email.
While you should always be very suspicious of any unsolicited email appearing to come from a bank, this one is a fairly well-designed phishing attack. It includes an accurate-looking bank logo and is relatively well-written. It’s still fake, though. The threat of a locked account is a fairly typical one used by scam artists and is intended to scare you into immediate action. Invariably, you can ‘reauthorize’ your account if you just give the sender your personal and/or log in information. Never do this. The threat is fake. The message does not come from the actual Commonwealth Bank, your account is not locked and ‘reauthorizing’ it is simply giving your information to cyber criminals. Another thing that can make this phishing email appear convincing is that it appears to come from a “noreply@commbank.com.au” email address, which looks legitimate. Unfortunately, a sender’s name and/or email address can be faked through a process known as ‘spoofing.’
If you do see an email like this, don’t think twice and don’t respond to it or click on any links in the message. Just delete it. If you are at all concerned when you receive one, contact the bank directly, using the telephone number on the back of your bank card or on one of your bank statements. You can also go directly to the bank’s website to check. Just be sure you don’t call any number or click on any link in the email itself.
Read more ›
Computer Security Tip of the Week
Scott Aurnou – Cybercrooks & scam artists are all too happy to take advantage of you during the holiday season. Here are some tips to stay safe while shopping online.
Websites referenced in this video include:
FileHippo
Secunia
AppFresh for Mac
Sophos Anti-Virus for Mac
Avast for Mac
Intego VirusBarrier
Malwarebytes
If you enjoyed this video, you can see more on TheSecurityAdvocate YouTube channel.
By Scott Aurnou
Spear phishing isn’t new, but it remains a very effective method of attack. A regular ‘phishing’ attack involves a cyber criminal (or criminals) sending numerous general email messages that try to trick the recipients into revealing personal, financial and/or log in information. Variations include attacks through websites, text messages and even automated phone calls (aka ‘robocalls’). An attack will randomly appear in the recipient’s email inbox as a message purporting to come from a trusted business like a bank, major airline, delivery service, PayPal, or perhaps the IRS or some other governmental agency, and some of them look convincingly accurate.
A craftier version of a phishing attack is a single email directed at a specific person (or people) within an organization (including you, personally), as opposed to just whoever happens to fall for it. This is a spear phishing attack and will include details about the recipient and/or organization – obtained through publicly available or other sources – to make the recipient trust the sender… and fall into the trap. If you’re wondering how plausible this is, just think about the information about you on your LinkedIn and Facebook pages, among others. And, if that’s not enough, the personal information stored on your phone or tablet can also be used to trick you if you’ve inadvertently downloaded an app carrying a mobile Trojan.
While modern corporate email filters are fairly good at blocking most spam and many regular phishing emails, they are far less effective at keeping out the targeted spear phishing attacks that pose a greater danger to company networks.
Read more ›
Computer Security Tip of the Week
Scott Aurnou – Social media sites are designed for sharing information, but what you share and who you share it with will determine if hackers, scam artists and real world thieves can get that information and potentially use it against you, your friends or loved ones.
If you enjoyed this video, you can see more on TheSecurityAdvocate YouTube channel.
