Alerts

Alert: Desktop Security2010 – Another Rogueware program which seems to be spreading fast. This is NOT something you want on your pc.

May 16th

Job security is the probability that an individual will keep his or her job, and with the rate of computer clean up that I have to do that unfortunately seems to be going up and not down, I think I have job security for a while (Honestly, this is not the kind of job security that I want). We have had many posts on TGM about viruses, spyware, rogueware, yet the “my computer is infected” calls continue to come in, as people continue to fall for the tricks that get them infected.

The latest rogueware infection is called DesktopSecurity2010. What will happen if you get infected with the DesktopSecurity2010 rogueware

DesktopSecurity2010 is an adware program that warns users of non-existing threats in their computers so that they purchase a certain program that removes them from the computer.
Additionally, in order to make users think that their computer is really infected, it displays a warning message when the computer is restarted, and from time to time the screen fades to black and other times blinks with different colors.
DesktopSecurity2010 can reach the computer when the user accesses certain websites which display banners or pop-up windows which lead to the download of this program. It can also reach the computer in a link that can be received via spam messages, fraudulent websites, etc.

What should you look out for when web surfing

DesktopSecurity2010 is easy to recognize, as it shows the symptoms below (These are some possible symptoms, you can still get infected without seeing these):

It reaches the computer in a file with the following icon:
When it is run, a screen to install the program is displayed:
Once installed, it starts to carry out a system scan in search for possible malware and once finished, it displays warning messages informing users that the computer is infected:

One of the known ways that the rogueware is installing

The following post on the PandaLabs site (LINK: http://pandalabs.pandasecurity.com/making-new-friends%e2%80%a6/ (http://pandalabs NULL.pandasecurity NULL.com/making-new-friends%e2%80%a6/)) shows 1 of the ways you can get infected. Two of the clean up jobs that I have had to do in this past week occurred because the user also fell for a greeting card email as described below (Confirmed).

Making new friends…

Posted on 05/13/10 by Olaiz

I’m very happy because I’ve received a greeting card via email from a new friend, thought it’s not my birthday, my saint’s day or anything like that :-)

Look what a nice card I’ve received:

Google_groups_email_en

Besides, it has been sent from 123greetings, which is a legal website to download and send cards, so it must be trustworthy.

I’ve clicked the picture of the message and I’ve been redirected to the website http://luxxxx.googlegroups.com/web/setup.zip, but I can’t see any greeting card here, but a Google groups website containing a link… maybe I have to follow the link in order to view it…

There’s no way. I can only see the Windows of an antivirus called DesktopSecurity2010 (http://www NULL.pandasecurity NULL.com/homeusers/security-info/218297/DesktopSecurity2010) informing me that my computer is infected and that I have to pay the license in order to eliminate the malware. I think that I got infected :-( and I have neither a greeting card nor a new friend…

Now, talking seriously, yesterday we commented how this false antivirus was using Google Groups users (with malicious intentions) to be distributed. In fact, the URL from which the rogueware is downloaded is like the following:

http://Google Groups user.googlegroups.com/web/setup.zip

Some of these users are felixss, gorlum or misterxyz.

Google has reacted to this and has started blocking these malicious users. So, if you try to access any URL that uses these malicious users, the following message is displayed informing you that the user cannot be found:

Google_groups

Even so, some malicious accounts may still be active, so don’t trust messages like this and don’t follow any link like those we’ve previously mentioned in this post.

So what can you do to help protect yourself

If you get a link, email, instant message, asking you or telling about something you were not expecting, even if it seems to be from someone you know, DO NOT TRUST IT! Getting a message from grandma saying check out the new pictures i upload and realizing she is 80 years old, ask yourself, does grandma really know how to upload pictures? It only takes a minute to call the person, and get a response to “did you send me….. message”, if they did, they will tell you instantly. If they didn’t they will be the 1st to say “What are you talking about”.
Because of Twitter, the use of link shorting sites seems to have become the norm. The problem is that a link to http://bit.ly/dr9Ucz (http://bit NULL.ly/dr9Ucz) could be a link to many place. How do you know if it is a safe link or not a safe link. Again, even if the link is sent to you by someone you know, DO NOT TRUST IT unless you were specifically expecting it. For the record, http://bit.ly/dr9Ucz (http://bit NULL.ly/dr9Ucz) is actually a link to techgeekandmore.com, and TGM does not list shorten links on the TGM site, because we want you to know where you are clicking to. One thing you can do to check shortened links is visit sites that expand the shortened link. (If you use one of these link expander services and copy the link, be careful to copy the link and NOT accidently double click on the link) Some of the sites you can visit to use to expand links

-> LongURL (LINK: http://longurl.org/ (http://longurl NULL.org/)), PrevURL (LINK: http://www.prevurl.com/index.php (http://www NULL.prevurl NULL.com/index NULL.php)), ExpandMyURL (http://www NULL.expandmyurl NULL.com/) (LINK: http://www.expandmyurl.com/ (http://www NULL.expandmyurl NULL.com/)), URL Snoop (http://urlsnoop NULL.com/) (LINK: http://urlsnoop.com/ (http://urlsnoop NULL.com/)), Securi.net (http://sucuri NULL.net/?page=tools&title=check-url) (LINK: http://sucuri.net/?page=tools&title=check-url (http://sucuri NULL.net/?page=tools&title=check-url)). At all the sites, enter the shortened URL and click to find out where the link will lead

-> In addition if you use Firefox to browse the web, you can install LongURLPlease (LINK: http://www.longurlplease.com/ (http://www NULL.longurlplease NULL.com/)), or LongURL (LINK: http://longurl.org/tools (http://longurl NULL.org/tools)), which are Firefox browser extensions that automatically preview the destination URL for shortened links from just about any shortener you can name.

As always make sure that your PC is updated with all the latest Windows Updates, your Anti-virus is updated, your install of JAVA is updated, your install of Adobe Flash player is updated, Your PDF reader is updated. Most viruses, spyware, rogueware use problems with these programs to get into your computer. Use can use sites like File Hippo (LINK: http://www.filehippo.com/ (http://www NULL.filehippo NULL.com/) ) to check and make sure your programs are up to date.

What to do if you do get infected

If you still get infected, you can use SuperAntispyware and Malwarebytes programs to clean your machine, I recommend downloading both before you get any infection. Run them on a regular basis (Regular = once a week or so), even if your computer does not show any signs of issues.

To download both programs I recommend using Ninite (LINK: ninite.com)

If you would like to see more information on ninite you can see the TGM post http://www.techgeekandmore.com/2009/12/25/software-two-must-haves-for-the-new-pc-pc-decrapifier-and-ninite/

If after running SuperAntispyware and Malwarebytes, you are still infected, then you will need to use a PE (Physical Environment) disk. The PE disk that TGM recommends is UBCD (LINK: http://www.ubcd4win.com (http://www NULL.ubcd4win NULL.com)). The how to for the UBCD can be found at http://www.ubcd4win.com/howto.htm (http://www NULL.ubcd4win NULL.com/howto NULL.htm) .

#Panda Labs Alert, desktopsecurity2010, Panda Labs, Rogue Antivirus Malware, Rogue Malware Alert

Facebook: TGM Test which proves one of the six things you need to know about Facebook Connections

May 11th

Posted by anovelo in Alerts

No comments

A few minutes ago, TGM Posted information concerning the New Facebook Connections. The information was from the EFF (Electronic Frontier Foundation), and TGM wanted to test and see if we could show you #6 in the list of Six Things You Need to Know About Facebook Connections (http://www NULL.eff NULL.org/deeplinks/2010/05/things-you-need-know-about-facebook) (LINK: http://www.techgeekandmore.com/2010/05/10/facebook-connections-eff-electronic-frontier-foundation-privacy-changes-six-things-to-know/ ) because #6

Your posts may show up on a Connection page even if you do not opt in to the Connection. If you use the name of a Connection in a post on your wall, it may show up (http://facebookiswatchingyou NULL.blogspot NULL.com/2010/04/what-you-say-now-on-facebook-can-go-to NULL.html) on the Connection page, without you even knowing it. (For example, if you use the word "FBI" (http://www NULL.facebook NULL.com/pages/FBI/109596699068116?v=stream&ref=ts) in a post).

For some reason just bugged more than the other 5. The sad thing to report is that within a couple of moment we were able to recreate #6. This affects anyone who posts anything on their or other peoples wall with a setting of “Everyone”.

To make it clear, this happened when posting to a wall with the EVERYONE setting, which means when you post the lock is set to Everyone (Example below).

As noted once I hit share it gets added to the wall.

That is where most people would assume that my post would end. However, it doesn’t, and this is where #6 of the 6 things you need to know comes in play

Your posts may show up on a Connection page even if you do not opt in to the Connection. If you use the name of a Connection in a post on your wall, it may show up (http://facebookiswatchingyou NULL.blogspot NULL.com/2010/04/what-you-say-now-on-facebook-can-go-to NULL.html) on the Connection page, without you even knowing it. (For example, if you use the word "FBI" (http://www NULL.facebook NULL.com/pages/FBI/109596699068116?v=stream&ref=ts) in a post).

As it says if you use the name of a Connections page in your post on your wall, it may show up on the Connections page. In my test I used FB….I (Note its is FBI but there is a space), and when I go to the FBI Connections page (LINK: http://www.facebook.com/pages/FBI/109596699068116?v=stream&ref=ts (http://www NULL.facebook NULL.com/pages/FBI/109596699068116?v=stream&ref=ts)) to my surprise we find

my post for my wall. I didn’t talk about the FBI, I said FB…I, yet I am now listed on a Connections page for the FBI (Of which I don’t believe it has any direct involvement with the actual Bureau). If I didn’t visit the FBI Connections why is my post here. In addition there are other people who have posts for FBI or FB…I that get posted continuously.

So before you post something with EVERYONE settings, you better think about what your posting as it may go past your wall.

EFF, Electronic Frontier Foundation, Facebook, Facebook Changes, Facebook Connections, Facebook Feature, Facebook Preferences, Facebook Privacy, Facebook Privacy Settings

Facebook: Six Things You Need to know about Facebook Connections.

May 10th

Posted by anovelo in Alerts

No comments

With the changes to Facebook that recently announced, here is some additional information concerning the Newly Announced Facebook Connections. The Following post is from the EFF (Electronic Frontier Foundation) (LINK: http://www.eff.org/deeplinks/2010/05/things-you-need-know-about-facebook (http://www NULL.eff NULL.org/deeplinks/2010/05/things-you-need-know-about-facebook))

Six Things You Need to Know About Facebook Connections (http://www NULL.eff NULL.org/deeplinks/2010/05/things-you-need-know-about-facebook)

Commentary (http://www NULL.eff NULL.org/blog-categories/commentary) by Kurt Opsahl (http://www NULL.eff NULL.org/about/staff/kurt-opsahl)

"Connections." It’s an innocent-sounding word. But it’s at the heart of some of the worst of Facebook’s recent changes.

Facebook first announced (http://blog NULL.facebook NULL.com/blog NULL.php?post=382978412130) Connections a few weeks ago, and EFF quickly wrote at length about the problems they created (http://www NULL.eff NULL.org/deeplinks/2010/04/facebook-further-reduces-control-over-personal-information). Basically, Facebook has transformed substantial personal information — including your hometown, education, work history, interests, and activities — into "Connections (http://www NULL.eff NULL.org/deeplinks/2010/04/handy-facebook-english-translator#connections)." This allows far more people than ever before to see this information, regardless of whether you want them to.

Since then, our email inbox has been flooded with confused questions and reports about these changes. We’ve learned lots more about everyone’s concerns and experiences. Drawing from this, here are six things you need to know about Connections:

Facebook will not let you share any of this information without using Connections. You cannot opt-out of Connections. If you refuse to play ball, Facebook will remove (http://www NULL.facebook NULL.com/help/?faq=17121) all unlinked information from your profile.
Facebook will not respect your old privacy settings in this transition. For example (http://voices NULL.washingtonpost NULL.com/fasterforward/2010/04/facebook_privacy_contd NULL.html), if you had previously sought to share your Interests with "Only Friends," Facebook will now ignore this and share your Connections with "Everyone."
Facebook has removed your ability to restrict its use of this information. The new privacy controls only affect your information’s "Visibility," (http://www NULL.eff NULL.org/deeplinks/2010/04/handy-facebook-english-translator#visibility) not whether it is "publicly available."

Explaining what "publicly available" means, Facebook writes (http://www NULL.facebook NULL.com/policy NULL.php):

"Such information may, for example, be accessed by everyone on the Internet (including people not logged into Facebook), be indexed by third party search engines, and be imported, exported, distributed, and redistributed by us and others without privacy limitations."
Facebook will continue to store and use your Connections even after you delete them. Just because you can’t see them doesn’t mean they’re not there. Even after you "delete" profile information, Facebook will remember it (http://www NULL.facebook NULL.com/help/?faq=17121). We’ve also received reports that Facebook continues to use deleted profile information to help people find you through Facebook’s search engine.
Facebook sometimes creates a Connection when you "Like" something. That "Like" button you see all over Facebook, and now all over the web? It too can sometimes add a Connection (http://www NULL.facebook NULL.com/help/?faq=17219) to your profile, without you even knowing it.
Your posts may show up on a Connection page even if you do not opt in to the Connection. If you use the name of a Connection in a post on your wall, it may show up (http://facebookiswatchingyou NULL.blogspot NULL.com/2010/04/what-you-say-now-on-facebook-can-go-to NULL.html) on the Connection page, without you even knowing it. (For example, if you use the word "FBI" (http://www NULL.facebook NULL.com/pages/FBI/109596699068116?v=stream&ref=ts) in a post).

EFF, Electronic Frontier Foundation, Facebook, Facebook Changes, Facebook Connections, Facebook Features, Facebook Preferences, Facebook Privacy

Facebook: How to OPT OUT of the Facebook Instant Personalization feature

May 10th

Posted by anovelo in Alerts

No comments

In the past couple of weeks, Facebook has made many changes that can at minimum be considered troubling to anyone concerned about their information getting shared publicly. The following post and video comes from the EFF (The Electronic Frontier Foundation)**. (LINK: http://www.eff.org/deeplinks/2010/04/how-opt-out-facebook-s-instant-personalization (http://www NULL.eff NULL.org/deeplinks/2010/04/how-opt-out-facebook-s-instant-personalization)).

(SOAPBOX) TGM is NOT advocating a position on either side of the debate (At this time), everyone who uses technology should be aware of their choices and be able to find what works for them. It is up to each person to chose how much information they care to expose publicly, what 1 person thinks is unacceptable, someone else may see as just the cost of getting a new feature. The following information is directed at those who believe the steps Facebook is taking is unacceptable (END SOAPBOX)

How to Opt Out of Facebook’s Instant Personalization

Deeplink by Kurt Opsahl (http://www NULL.eff NULL.org/about/staff/kurt-opsahl)Update: Friday morning Facebook changed its privacy settings layout, making it a bit more challenging to opt out completely. As before, unchecking the “Allow” box is not sufficient because you need to block each Instant Personalization website to fully opt out. However, the previous path (via “Learn More”) to the necessary Block Application buttons was removed, with Facebook suggesting instead you first go to the sites (at which point your information is disclosed), and then click “‘No Thanks’ on the blue Facebook notification on the top of partner sites.” To fully opt out, you need to:

Go to the Instant Personalization (http://www NULL.facebook NULL.com/settings/?tab=privacy&section=applications&field=instant_personalization) privacy setting and uncheck the “Allow” button. Click confirm. Come back to this page.
Go to the page for Microsoft Docs (http://www NULL.facebook NULL.com/docs), click Block Application on the page, click Block Application on the pop-up, and click Okay on the next pop-up. Come back to this page.
Go to the page for Pandora (http://www NULL.facebook NULL.com/apps/application NULL.php?id=139475280761), click Block Application on the page, click Block Application on the pop-up, and click Okay on the next pop-up. Come back to this page.
Go to the page for Yelp (http://www NULL.facebook NULL.com/apps/application NULL.php?id=97534753161) , click Block Application on the page, click Block Application on the pop-up, and click Okay on the next pop-up. Come back to this page.
Optional: Go to the Facebook Site Governance (http://www NULL.facebook NULL.com/fbsitegovernance?v=wall&story_fbid=120701477944064) page, and express your opinion in a comment.

**About the EFF – From Wikipedia (http://en.wikipedia.org/wiki/Electronic_Frontier_Foundation (http://en NULL.wikipedia NULL.org/wiki/Electronic_Frontier_Foundation))

The Electronic Frontier Foundation (EFF) is an international non-profit digital rights advocacy and legal organization based in the United States. Its stated mission is to:

Engage in and support educational activities which increase popular understanding of the opportunities and challenges posed by developments in computing and telecommunications.
Develop among policy-makers a better understanding of the issues underlying free and open telecommunications, and support the creation of legal and structural approaches which will ease the assimilation of these new technologies by society.
Raise public awareness about civil liberties issues arising from the rapid advancement in the area of new computer-based communications media.
Support litigation in the public interest to preserve, protect, and extend First Amendment rights within the realm of computing and telecommunications technology.
Encourage and support the development of new tools which will endow non-technical users with full and easy access to computer-based telecommunications.

EFF, Electronic Frontier Foundation, Facebook, Facebook Feature, Facebook Instant Personalization Feature, Facebook Privacy, Facebook Privacy Settings

Alert: Fake IRS email scam. This is from the PandaLabs website

Apr 10th

Posted by anovelo in Alerts

No comments

With April 15th and the tax deadline here in the US being just a few days away, here is an alert from the PandaLabs Website (LINK: http://pandalabs.pandasecurity.com/ (http://pandalabs NULL.pandasecurity NULL.com/)). This alert especially goes to all those internet users out there that seem to believe everything they get in an email (You know who you are).

***************************************************************************************************************

From PandaLabs Website (LINK:http://pandalabs.pandasecurity.com/irs-1042-w-identity-theft-scam/ (http://pandalabs NULL.pandasecurity NULL.com/irs-1042-w-identity-theft-scam/))

IRS 1042-W Identity Theft Scam (http://pandalabs NULL.pandasecurity NULL.com/irs-1042-w-identity-theft-scam/)

Posted on 04/9/10 by Sean-Paul Correll (http://pandalabs NULL.pandasecurity NULL.com/author/sean-paul-correll/)

It’s tax season in the United States and the April 15th filing deadline is approaching quickly. Every year around this time U.S. citizens stress about getting their finances in order and reported to the Internal Revenue Service in time to avoid penalties. Careful though, because that nervousness might just help a cyber criminal steal your identity. A fake IRS Tax Form (1042-W, which apparently doesn’t even exist) has been spammed out and is currently circulating on the Internet.

The e-mail arrives disguised as an official correspondence (irs@irs.gov) from a rep named Cindy at the Internal Revenue Service.

Fake IRS E-mail

Two PDF attachments are included with the email, both of which were authored in Microsoft Word 2007.

Fake IRS PDF Documents

Fake IRS PDF Documents (1042-S B.PDF and 1042-S A.PDF)

The first document introduces the 1042-W form and reads:

Dear Sir/Madam,

Our record indicates that you have not submitted your form 1042-W. As a result, you are exempted from United States of America Tax reporting and withholdings, on interest paid you on your account and other financial dealing to protect your exemption from tax on your account and other financial benefit in rectifying your exemption status.

Therefore, you are to authenticate the following by completing form 1042-W, and return to us as soon as possible through the fax number: +1-780-669-7364

Fake IRS Document

The second PDF document is the form itself. It asks for the following:

Name
Date of Birth
Nationality
Place of Birth
Address
Passport Number
Mothers Maiden Name
Social Security Number
Profession
Bank Name/Account/Pin – Date bank account was opened and branch location
Attached photocopy of passport

Fake IRS Tax Form (1042-W)

After completing the form, the instructions call for faxing it over to a phone number (+1-780-669-7364) located in Alberta, Canada.

Sending this form over to the criminals would most definitely result in a stolen identity. The IRS has stressed year after year that it does not make unsolicited requests via e-mail. Here are some tips on how to spot an IRS scam and what to do if you receive one in your inbox:

How to Spot a Scam

Many e-mail scams are fairly sophisticated and hard to detect. However, there are signs to watch for, such as an e-mail that:

Requests detailed or an unusual amount of personal and/or financial information, such as name, SSN, bank or credit card account numbers or security-related information, such as mother’s maiden name, either in the e-mail itself or on another site to which a link in the e-mail sends the recipient.
Dangles bait to get the recipient to respond to the e-mail, such as mentioning a tax refund or offering to pay the recipient to participate in an IRS survey.
Threatens a consequence for not responding to the e-mail, such as additional taxes or blocking access to the recipient’s funds.
Gets the Internal Revenue Service or other federal agency names wrong.
Uses incorrect grammar or odd phrasing (many of the e-mail scams originate overseas and are written by non-native English speakers).
Uses a really long address in any link contained in the e-mail message or one that does not start with the actual IRS Web site address (www.irs.gov). To see the actual link address, or url, move the mouse over the link included in the text of the e-mail.

What to Do

The IRS does not initiate taxpayer contact via unsolicited e-mail or ask for personal identifying or financial information via e-mail. If you receive a suspicious e-mail claiming to come from the IRS, take the following steps:

Do not open any attachments to the e-mail, in case they contain malicious code that will infect your computer.
Do not click on any links, for the same reason. Also, be aware that the links often connect to a phony IRS Web site that appears authentic and then prompts the victim for personal identifiers, bank or credit card account numbers or PINs. The phony Web sites appear legitimate because the appearance and much of the content are directly copied from an actual page on the IRS Web site and then modified by the scammers for their own purposes.
Contact the IRS at 1-800-829-1040 to determine whether the IRS is trying to contact you.
Forward the suspicious e-mail or url address to the IRS mailbox phishing@irs.gov (phishing null@null irs NULL.gov), then delete the e-mail from your inbox.

Email scam, Fake IRS Email, IRS 1042-W, IRS notice scam, IRS Scam, PandaLabs, PandaLabs Alert, tax season

Alert: Email – What steps you should take to try and protect yourself from getting your email hacked.

Apr 1st

Posted by anovelo in Alerts

No comments

I just found out that someone I know got Hacked and lost control of their email. This isn’t the 1st person I know to get their email hacked, in fact I get asked for help at least once a month from someone (clients, co-workers, friends, and family included) who needs help trying to get their email back. With our total reliance on email for our daily lives, trying to access your email one morning only to find out that someone else has changed the password on you and is can now go thru your digital life is both upsetting (insert expletive here) and be very scary as well.

Here are some steps from experience as to what you need to do both now and if this were to happen to you.

Now that you have a functioning email account -

1 – Find out if your email service has the ability to add a “Secondary account” notification. If they do, add a 2nd email address, and make sure that the 2nd email address is not on the same service as the email address you are trying to protect. What do I mean by same service, if your main email is …….@gmail.com (…… NULL. null@null gmail NULL.com), then when you add your secondary address set up or sign up for an address at Hotmail or Yahoo or with your local internet provider. Many of the people who have been hacked who have multiple addresses at on email provider lose access to all the accounts with that provider.

In addition many sites like Gmail require you to know exactly what day you signed up for the service to confirm it is you who are the true owner. Look at the settings area of your email account (if you use services like hotmail, Gmail, or yahoo mail), it should say member since XX/XX/XXXX. You need to write down somewhere (that cant been seen be everyone else – See #4 for more) when you signed up for the service you are trying to protect.

2 – Many email providers also include the “Secret question or Secret Word” hints when recovering email address passwords. Do not use questions like “My favorite Disney character” with a response of “Mickey” or another one of my favorites “where do I work” with the response of “Boeing” your email ends in …@Boeing.com (… null@null Boeing NULL.com). I know its hard to keep track of all this passwords and information, but at the same time, when you keep the “Hints” simple, you also make it simple for someone else to figure out what the answer is and use that against you.

3 – Use a better password. SERIOUSLY THIS ONE GETS ME EVERYTIME…….I have had more than 1 person tell me that their password is 1234 and others someone tell me that the password was their 1st name, which also happens to be the name of the email address, so that had 1stname@yahoo (1stname null@null yahoo) with a password of 1stname. Passwords should look something like (EXAMPLE ONLY) ComPlicated1@ at minimum (Note the use of a couple of multiple capital letters plus a number plus a character). Some please actually change letters and numbers so that if the password actually looks like C0mP1iC@ted1 (C0mP1iC null@null ted1)@ (Note the use of zero and one instead of the letters and the @ sign instead of the letter a), however I will be the 1st to say that version may drive some people crazy trying to type it.

4 – DO NOT USE STICKY TAGS STUCK TO YOUR MONITOR OR AN 8×11 PIECE OF PAPER STICK TO YOUR WALL TO WRITE DOWN USER NAME AND PASSWORDS. (This one is for both home and business users) How many people may visit your house or work (anyone from the repair tech or babysitter at home to someone visiting your corporate office or even your co-workers), do you really trust all those people that much, that 1 of them couldn’t maybe while walking by or in the area of your computer see your sticky notes and then try to use them later. For years everyone has heard about how you should cover what you type when you are at the ATM so that anyone near you cant see what your doing, its the same rule with your passwords, get them out of the way.

5 – Many sites require you to sign up using an email address / password. If you have sites like that do NOT use the same password on the sites that you use on your email. Example, JohnDoe@gmail (JohnDoe null@null gmail) uses signs into email using ComPlicated1@ as his password. If you then sign up for Facebook for example with that same email address DO NOT USE ComPlicated1@ as the password on Facebook. Make it something completely different. The problem with using the same password on both your email and sites your sign up for, is that if the site you signed up for screws up or gets hacked, it could be very easy for the bad guys to get your information from that site and then have a free ride into your email.

6 – NOT 1 SINGLE SERVICE OUT THERE WILL EVER SEND YOU OUT A NOTICE THAT SAYS “WE ARE CHECKING OUR ACCOUNT INFORMATION, CAN YOU PLEASE RESPOND TO THIS EMAIL WITH YOUR LOG ON TO MAKE SURE WE HAVE THE CORRECT INFORMATION”. Your bank does NOT do that, your credit card company does NOT do that, your email provider does NOT do that. NEVER NEVER NEVER fall for one of those emails and respond back with your information. That also includes the government, you will NOT get your IRS refund check back sooner if you respond to that email about “We are the IRS and we need to confirm your banking info so that we may deposit your check quicker”. I know #6 is not only about emails but I think the example makes the point. Do NOT fall for it.

If you get hacked and lose access here is what to do -

I’m going to use Gmail for this example, but virtually all other services have the same features, you just have to look for the address for your specific service.

The following options are recommended by Google Support when your forget the Gmail password or if someone else takes ownership of your Google Account and changes the password:

1. Reset Your Google Account Password:

Type the email address associated with your Google Account or Gmail user name at Google.com/accounts/ForgotPasswd (https://www NULL.google NULL.com/accounts/ForgotPasswd) – you will receive an email at your secondary email address with a link to reset your Google Account Password.

This will not work if the other person has changed your secondary email address or if you no longer have access to that address.

2. For Google Accounts Associated with Gmail

If you have problems while logging into your Gmail account, you can consider contacting Google by filling this form (http://www NULL.google NULL.com/support/accounts/bin/request NULL.py?service=mail). It however requires you to remember the exact date when you created that Gmail account.

3. For Hijacked Google Accounts Not Linked to Gmail

If your Google Account doesn’t use a Gmail address, contact Google by filling this form (http://www NULL.google NULL.com/support/accounts/bin/request NULL.py?hl=en&ctx=accounts_hc&contact_type=hijack). This approach may help bring back your Google Account if you religiously preserve all your old emails. You will be required to know the exact creation date of your Google Account plus a copy of that original “Google Email Verification” message

Email, email hacked, getting email back after account hacking, gmail account hacked, Hacked, Losing control of your email account, protecting your email from hacking

Alerts

Alert: Desktop Security2010 – Another Rogueware program which seems to be spreading fast. This is NOT something you want on your pc.

What should you look out for when web surfing

One of the known ways that the rogueware is installing

Making new friends…

So what can you do to help protect yourself

What to do if you do get infected

Facebook: TGM Test which proves one of the six things you need to know about Facebook Connections

Facebook: Six Things You Need to know about Facebook Connections.

Six Things You Need to Know About Facebook Connections (http://www NULL.eff NULL.org/deeplinks/2010/05/things-you-need-know-about-facebook)

Facebook: How to OPT OUT of the Facebook Instant Personalization feature

How to Opt Out of Facebook’s Instant Personalization

Alert: Fake IRS email scam. This is from the PandaLabs website

IRS 1042-W Identity Theft Scam (http://pandalabs NULL.pandasecurity NULL.com/irs-1042-w-identity-theft-scam/)

Alert: Email – What steps you should take to try and protect yourself from getting your email hacked.

Help Support TGM

TGM in your Language

TechGeekandMore Pages

Search TGM

TGM Catagories

TGM Friends

My latest tweets

Archives

Alerts

Alert: Desktop Security2010 – Another Rogueware program which seems to be spreading fast. This is NOT something you want on your pc.

What should you look out for when web surfing

One of the known ways that the rogueware is installing

Making new friends…

So what can you do to help protect yourself

What to do if you do get infected

Facebook: TGM Test which proves one of the six things you need to know about Facebook Connections

Facebook: Six Things You Need to know about Facebook Connections.

Six Things You Need to Know About Facebook Connections (http://www NULL.eff NULL.org/deeplinks/2010/05/things-you-need-know-about-facebook)

Facebook: How to OPT OUT of the Facebook Instant Personalization feature

How to Opt Out of Facebook’s Instant Personalization

Alert: Fake IRS email scam. This is from the PandaLabs website

IRS 1042-W Identity Theft Scam (http://pandalabs NULL.pandasecurity NULL.com/irs-1042-w-identity-theft-scam/)

Alert: Email – What steps you should take to try and protect yourself from getting your email hacked.

Help Support TGM

TGM in your Language

TechGeekandMore Pages

Search TGM

TGM Catagories

TGM Friends

My latest tweets

Archives

Tags