Email Malware

Malware Emails

Emails that look legitimate but are actually malware delivery tools show up in our inbox everyday.

How can you be positive that the email is a fake? 

1.) Most of the emails you get will have legitimate images attached to them, but they will usually be fraught with spelling and grammatical errors.

2.) They will have multiple places for you to click for further information. The goal is for you to click through to a site to get the malware.

3.) If you hang your mouse pointer over the links in the email and view the link that shows, it never is to a legitimate site. Most of them will go to shortened links or to somewhere that makes no sense what so-ever.

4.) If you look at who sent the email the email address is usually from a Gmail or Yahoo account and not the actual company.

Email Malware

 

 

 

 

What should I do with it. Permanently Delete It!

Passwords

Passwords & Management

The Problem:
We all have passwords in our lives. How we create them, use them & manage them determines whether or not they will be compromised or in most cases, when they will be compromised and how bad it will be to recover. So lets take steps to be better stewards of our passwords.

You should always create unique passwords that use a combination of words, numbers, symbols and upper and lowercase letters. Most online software will force you to do this anyway. “Th1s!sAG00dPa55word” uses a combination of all these rules.

Longer passwords that use combinations of words are considered a best practice. Most websites will require between 8-12 characters as the minimum in length for a password. The longer the password, the harder it is to brute force attack your way to finding it. It is very easy to find software that will try thousands of passwords to break into your online account. These software packages use dictionaries of common words, combinations of words and or commonly used pass phrases to try. When they get access, they log the username and password they connected with.

Do not use easily guessed passwords such as “password”, “pa55word”, “1234”, “qwerty” etc. These will more than likely already be in a dictionary of passwords to try.

Do not choose passwords based on details in your life that you think may be confidential. Passwords that include your birthday, anniversary, mothers maiden name, family members, pets, phone numbers etc. You would be surprised what you can find online doing a simple google search of a persons name.

Avoid using the same password across multiple websites. If you visit a lot of sites that do not store any personally identifiable information about you, then you could use what security professionals call a disposable password. A password you don’t care gets stolen. For all other websites, that store your real name, phone number, address, etc. you should use a unique password.

Never use a password you’ve already used for an email account. If a website gets hacked and your name and password does get compromised, the first thing a hacker will do is try to get into your email. From there they can get all kinds of identifiable information about you to help them figure out other passwords you may use.

Don’t store a list of passwords on your computer in readable text or with a filename that says it may store passwords. Hackers love to find a file named passwords.txt or websites.txt etc. If you do store passwords on your computer then make sure you store them in a file with a non-obvious name and encrypt the file contents. There are many legitimate software programs that you can use to store usernames and passwords encrypted. Dashlane, LastPass and 1Password store usernames and passwords in the cloud (online) and secure them with a master password and encryption for a monthly cost. Keepass is an example of an open source (free) password storage program that you can use locally that encrypts its contents with a master password.

Web browsers can store passwords to sites you visit frequently. Although this is convenient, most of them store those passwords in readable format if you know where to look. Check the options section of your web browser for a security section and see if there is a way to see your usernames and passwords. If so, see if there is a way to protect them further. Firefox is an example of a browser that stores your usernames and passwords. Make sure you checkbox “use master password” to protect them.

With more and more of our lives being managed online rather than in-person, its all that more important to establish best practices for online security. Password management is a great first step to securing your online presence.

Router

Setup New Router or Modem

Tech Tips

What are the most important things to do when you get your new router or DSL/Cable Modem?

When you get your new modem/router it will have some sort of default setup and probably have the usernames and passwords listed on the bottom of it. Although the usernames and passwords are long and quite hard to remember (which makes them safer) they should be changed. Follow these simple setup tips to ensure you are not a victim of cyber-crime.

1.) Change the username and password used to access your modem/router. Use uppercase, lowercase and alphanumeric characters at least 8 characters minimum.
2.) Change the wireless SSID and key used for wireless access. Make sure you are using WPA2 security and AES encryption. Use uppercase, lowercase and alphanumeric characters at least 8 characters minimum for key. SSID can be anything. Don't use your name as the SSID, but rather something you will know is yours. Using your name advertises its your internet connection.
3.) Make sure that remote access to Admin interface is disabled.
4.) Make sure UPNP is disabled.
5.) Make sure Ping Testing is disabled.
6.) Make sure your firewall is setup at minimum to use NAT (Network Address Translation) and not allow any incoming ports. If you are hosting services you will use Port Forwarding to allow access to your services.
7.) Make sure DMZ is disabled.
8.) Turn off Network Map / List / Overview or make it accessible only when you are logged in to the modem/router.
9.) Turn on any additional Firewall Features such as SPI (Stateful Packet Inspection) and D/DOS (Distributed Denial of Service) protection.
10.) Monitor your security logs frequently or turn on ability for them to be sent to you via email.