Tag Archives: phishers

4 Email Account Security Tips

Posted on by
Reply

submitted by Peter Chronis

These days criminals are using a variety of techniques to compromise and gain access to accounts across the Internet.  They then often use these compromised accounts to send spam or gain unauthorized access to a victim’s private information (emails, banking information, etc.).

Just take a look at all the recent stories about stolen passwords and hacked accounts from some of the most popular sites on the Internet today.

phishingpasswordsTo reduce the risk of getting your accounts hacked into or compromised, we recommend that you take the following precautions to protect yourself:

1. Be Careful What You Click
Never reply to emails or click on email links that ask for your username and password. Our spam prevention partners have tracked a significant increase in phishing worldwide. Criminals often use phishing scams to help gather credentials.  Phishing is a term used to describe false emails sent from spammers claiming to be sent from a legitimate company (for example, EarthLink or well-known banks) and asking for your username and password. These fraudulent emails may look quite authentic – so beware.

2. Use Varying Usernames and Passwords
Don’t use the same username and password across multiple sites like email, banking and social network sites. Recent security research revealed that, on average, people use the same credentials to log into 49 different sites. Email usernames and passwords can be acquired from security breaches suffered by other service or product providers (tens of millions of credentials have been reported this year alone by other service or product providers). If you are using the same password for your EarthLink account as other accounts that were breached, then spammers may use this information to access your EarthLink email and send spam.

For these reasons, it’s good to have a system to generate strong, unique passwords for all the sites you use. Just follow these three simple steps.

You can change your EarthLink password here at any time.

3. Run an Antivirus Program to Curb Malware Infections
Some malware today is designed to run stealthily on your computer while it records the usernames and passwords to sites you access (your Web Mail, online banking, etc.).  Some security firms are reporting malware infection rates as high as 1 in 3 computers worldwide.  To protect yourself, the first step is to run an antivirus scan on your computer.  This can be done with any antivirus program of your choice.  EarthLink offers Norton 360 Online as a premium antivirus subscription with a Free 30-Day Trial if you want to check it out.

4. Choose Your Secret Hint and Word Wisely
A secret word or hint is often used to verify your identity when account changes are being made. You should not use information associated with you that is readily available on the Internet or through other sources. If you are unsure, try doing a quick Internet search for yourself to see what you can find.  If you can find it, so can a hacker.

Stay safe out there and never hesitate to reach out if you have additional questions around email or password security.

For further support from EarthLink, visit our Knowledgebase Support Center.

6 Ways to Spot Spam

Posted on by
1

1. Requests for Personal Information
No professional organization will ask for your social security, bank, check, or PIN number in an e-mail.  Mark these emails as SPAM and delete them promptly without responding.

2. Spelling and Grammar Mistakes
The worse the spelling and grammar, the more likely it’s a SPAM email.  Delete and move on.


3. Click-able Links
Don’t trust links in e-mails. What might look like a legitimate link is often linked to a third-party site that looks official, but is actually run by the emailing scammers.  For example, if you get an email that looks like it’s from your bank telling you your account is closed, type your usualy banking URL into your browser to check it directly (instead of clicking the link in the email).  You may find that the email is SPAM.  Mark it as such and delete it.

4. Attachments in e-mails from anyone you don’t know
Never open an attachment from someone you don’t know. It’s likely a virus or spyware that will sit on your computer to steal your personal information.

5. Outdated Info
Some scammers like to pretend to be customer support from a company you trust, but slip up when it comes to accuracy. For example, in the picture, the  below, the spammers forgot Earthlink bought Mindspring in 2000.

6. Alarming Phrases
“Verify your account,” “you won!” or “if you don’t respond in __ hours, your account will be locked” are phrases that ONLY appear in SPAM.  Mark it and delete without clicking or replying.

Phishers and Scammers are Getting Smarter…Are You?

Posted on by
1

Most of us have heard of the term phishing and have probably been attacked by it more than once. Phishing is attempting to acquire information from users while posing as a trustworthy individual in an electronic communication.  “Phishing” generally refers to attacks in your email inbox, but there are three others to know of: vishing, smishing, and whaling.

“Vishing” is a phishing attack on your VoIP (voice over IP) phone.  If you don’t have a VoIP phone then you are not at risk, as land lines are not susceptible to this kind of attack. Like phising, a message sent to a thousand possible emails, vishing is sent to a thousand possible VoIP phones.  Vishing happens when victims receive voice messages asking to contact their bank about fraudulent bank account activity.  The attack is successful when users call the number and are then prompted by voice commands to enter personal information, or they are connected with someone appearing to be a bank representative. Providing information can then lead to stolen credit card numbers, or full-on identity theft.

“Smishing” is a phishing attack on your mobile phone via text messaging or Short Message Service (SMS) messaging.  Same concept as above, text messages are sent to your phone asking you to go to a website or call a number where you are met by someone attempting to steal your personal and critical information.

Finally, “whaling” is a specified attack on senior business leaders.  These attacks are more specific, as scammers are doing their homework and compiling business email addresses, job titles, direct telephone numbers, and reporting employee names of business executives and compiling direct attacks over email.  Executives are prone to fall to these attacks as the information in the emails leads them to believe the messages are legit.  The email message may contain and attachment or point executives to a website, where once clicked, a program is downloaded to the user’s PC and confidential information is then compromised.  This attack is a little different as the scammers are not only interested in obtaining personal information on the user, but are also after confidential and proprietary information of the company.

A lot of successful phishing attacks go unreported because the victims don’t want to appear gullible enough to be stooped by these attacks.  Sometimes we throw logic reason out the door and fall, even though we think we are too smart to do so.  Continue to delete the emails, but also remember to delete the voicemails and the text messages.  And remember, if you have a small suspicion that something isn’t right, it probably isn’t!

EarthLink IT Services offers numerous security services to protect against these attacks.  Check out our security service product suite HERE!

Google Goes Against Goggle

Posted on by
Reply

Everybody mistypes web addresses. I know I certainly do.

So what happens when you enter the wrong URL?

Sometimes you land on an error page saying there’s no page at that address and suggesting alternatives. Sometimes you simply go to another legitimate website that happens to have the name you mistyped.

But since Internet traffic is valuable, very often you go to a less-than-legit website that is set up solely to capture all the traffic that comes from misspellings of a popular site. Often these sites are just a bunch of ads for random products or products related to the site you originally wanted. In the worst cases, these sites are promoting scams. That’s what Google has been fighting.

As reported by Tech Crunch, Google – the Internet search leader – had filed a complaint with the National Arbitration Forum to try to get control of the domain names goggle.com, goggle.net and goggle.org from a little-known (and possibly shady) company called Goggle.com Inc. This complaint was dismissed yesterday.

Google’s complaint was that the domain names – Google.com and Goggle.com – are confusingly similar and that Goggle.com is intentionally trying to profit off that confusion.

The Goggle (not Google) sites even appear to be operating some kind of phisher or other scam, so we advise you not to visit them. (Visit our support.earthlink.net site for more information about phisher scams.)

Google is likely to take the case to a federal court. In the meantime, what, if anything, should you do?

To avoid this specific Google issue, EarthLink members can always search with the Google search engine at the top of their myEarthLink Start Page.

But whenever you find yourself at a website that doesn’t look like what you were expecting, double-check the address in your browser. If you’re in the wrong place, simply re-type the address and leave. You’ll be much safer if you don’t interact at all with the page at the misspelled address.

We’ll keep you posted if there’s any more Google/Goggle news.