
Job seekers defense against spammers/spambots Sept 7, 2012

Page 1: Job seekers defense against spammers/spambots Sept 7, 2012

Organized Spam: Today's Racket

● Globally costing us $130B in 2009

● A list of a million emails cost $25 or less

● Spammers paid nearly nothing in 3rd world

● They pay $600 for WinRumer to generate countless spambots to trash sites, steal your identity

● It's so cheap they blast it to everybody

● They are often beyond jurisdiction

Job Seeker's Defense Against Spammers – Sept 2012 – Chuck Thomas

Page 2: Job seekers defense against spammers/spambots Sept 7, 2012

Today’s Takeaways

• How passwords are hacked and avoiding it.

• How to identify links you should not click.

• How to effortlessly retrieve unique hard-to-crack passwords in a secure place. (www.lastpass.com)

• Easy/free browser tools to confirm your bad feeling that a site is creepy. (www.mywot.com)

Page 3: Job seekers defense against spammers/spambots Sept 7, 2012

What's their game?

● Hack your email to spam for them – break into your other accounts.

● Pose as legitimate organizations and ask for your credit card, Social Security, or other personal information. This is known as Phishing.

● To get money directly from you if you are foolish enough.

Page 4: Job seekers defense against spammers/spambots Sept 7, 2012

What's their target?

The entire planet.

Some of the incredibly stupid spam is targeted to attack incredibly clueless people that respond.

They are relentless, esp. the Borg-like spambots…they will “assimilate” your PC into zombies to spam for them if possible.

Page 5: Job seekers defense against spammers/spambots Sept 7, 2012

Where are they from?

As just mentioned, spammers could hijack your PC to spam for them. Spam sites tend to be in East or South Asia, former Soviet states, accessed by either locals or Americans.

Page 6: Job seekers defense against spammers/spambots Sept 7, 2012

Much of this is common sense

● Don't rush

● Ignore any “call to action” urging you to click

● Investigate

Page 7: Job seekers defense against spammers/spambots Sept 7, 2012

1st – The Basics

Have a recent and FULL backup on DVDs ($25) or external hard drive (about $85)

Backup hardware is the only expense needed in this slideshow.

Google: EaseUS for free backup software

Page 8: Job seekers defense against spammers/spambots Sept 7, 2012

Need a Firewall to stop threats BEFORE they enter your computer

• Windows Vista / 7 / 8 users activate it inside the Control Panel (Windows Firewall)

• If using an older Windows (like XP) – download Microsoft Security Essentials (free) or a free personal firewall from COMODO.com

Page 9: Job seekers defense against spammers/spambots Sept 7, 2012

Then you need an anti-virus product to kill the intruders that get through the firewall. These products have free versions:

● Microsoft Security Essentials (includes a firewall)

● AVG

● Avast

Run a FULL anti-virus scan weekly, overnight.

Page 10: Job seekers defense against spammers/spambots Sept 7, 2012

Need to keep current on Microsoft updates, as most address security.

Trivia: Microsoft typically does their updates the 2nd Tuesday of the month after 3pm Dallas time.

It’s known as “Patch Tuesday”

Page 11: Job seekers defense against spammers/spambots Sept 7, 2012

When installing software, consider opting out of most/all options

• Toolbar add-ons are notorious for having spyware

• Notifications for updates, while legit, do slow down your computer’s boot and could compromise your privacy

Page 12: Job seekers defense against spammers/spambots Sept 7, 2012

Remember this one thing!

Page 13: Job seekers defense against spammers/spambots Sept 7, 2012

Password Hacking Spambots

● AAAAAA

● AAAAAB

● AAAAAC

● …etc, etc.

● If you have a short and simple password, this brute-force attempt WILL burn you if you don't change it periodically.

Page 14: Job seekers defense against spammers/spambots Sept 7, 2012

Yahoo Job Groups

● Very spam-ridden unless moderated

● Suspect emails if no subject following the Yahoo Group name in brackets

● If the content is just a link – delete as spam

● If the content has a generic message around the link (i.e. comment spam) – it's likely spam

● If you know the person – contact them!

● If you have been hacked by a spammer, change your password and do a full anti-virus scan

Page 15: Job seekers defense against spammers/spambots Sept 7, 2012

Another danger: Clicking without forethought

Spammers LOVE people who are too busy!

Great way to catch malware

Page 16: Job seekers defense against spammers/spambots Sept 7, 2012

What is Phishing?

A fraudulent email claiming to be from an organization urging you to give out a password, Social Security number, credit card #, etc. NEVER do this!

The easiest way to expose many of the phishing scams is to select the body of the email, right-click, and do a Google search…it’s probably reported on sites like www.snopes.com.

If you right-click the URLs of the “official” images – they will often look 3rd party – not like the organization they claim to be.

Example on next two slides….

Page 17: Job seekers defense against spammers/spambots Sept 7, 2012

Continued…

Page 18: Job seekers defense against spammers/spambots Sept 7, 2012

Page 19: Job seekers defense against spammers/spambots Sept 7, 2012

A Woodcreek member that didn't change her password

From: [email protected]

To: Way_too_many_business_contacts

Subject: VACATION PROBLEM

I'm writing this with tears in my eyes,my family and I came down here to UNITED KINGDOM for a short vacation unfortunately we were mugged at the park of the hotel where we stayed,all cash,credit card and cell were stolen off us but luckily for us we still have our passports with us...sob, sob, sob.

Swipe this, right-click and Google will expose this at snopes.com and other sites.

Page 20: Job seekers defense against spammers/spambots Sept 7, 2012

If a friend you know got hacked….

• Call or forward the email back to them!

• If you use Hotmail/Outlook – click “My friend’s been hacked!”

Page 21: Job seekers defense against spammers/spambots Sept 7, 2012

If you stop using an online account, seriously consider closing it.

Why?

Idle email, Twitter, other accounts WILL eventually get hacked by spambots

Page 22: Job seekers defense against spammers/spambots Sept 7, 2012

“Crap! Knew I should have changed that short password last year”

Spambot: “Bet you used the same password for your Twitter, bank accounts – that’s next!”

Page 23: Job seekers defense against spammers/spambots Sept 7, 2012

Strong Passwords

● 8+ characters

● Mixing alpha, numbers, special characters is better

● Avoid Family/Pet names

● Routinely incrementing by number or date is better

● Do not use the same password for other accounts.

● If your browser offers to remember passwords – Don't!

There is an easy way to do this; the answer is in a couple of slides.
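
The brute-force enumeration (AAAAAA, AAAAAB, …) and the strong-password rules from the slides, worked through as an added Python example that is not part of the original deck. The guess rate, the sample passwords and the function names are assumptions made for illustration.

```python
import string

# Assumed offline guessing speed, chosen only for illustration.
ASSUMED_GUESSES_PER_SECOND = 1_000_000_000
CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation)


def classes_used(password):
    """Character classes (lower, upper, digit, symbol) present in the password."""
    return [group for group in CLASSES if any(c in group for c in password)]


def keyspace(password):
    """Candidates a bot must cover to enumerate every string of this length
    over the classes used, as in AAAAAA, AAAAAB, AAAAAC, ...
    This is an upper bound: guessable words and names fall much sooner."""
    alphabet = sum(len(group) for group in classes_used(password))
    return alphabet ** len(password)


def seconds_to_exhaust(password, rate=ASSUMED_GUESSES_PER_SECOND):
    """Worst-case time to try every candidate at the assumed guess rate."""
    return keyspace(password) / rate


def audit(password, personal_names=(), other_passwords=()):
    """List which of the slide's strong-password rules the password breaks."""
    findings = []
    if len(password) < 8:
        findings.append("shorter than 8 characters")
    if len(classes_used(password)) < 2:
        findings.append("only one kind of character")
    if any(n and n.lower() in password.lower() for n in personal_names):
        findings.append("contains a family or pet name")
    if password in other_passwords:
        findings.append("reused on another account")
    return findings


if __name__ == "__main__":
    # Constructed sample passwords; "Rex" is a made-up pet name.
    for pw in ("AAAAAA", "rex2012", "Blue-Kettle-1977!"):
        print(f"{pw!r}: {keyspace(pw):.3e} candidates, "
              f"{seconds_to_exhaust(pw):.3e} s at the assumed rate, "
              f"findings={audit(pw, personal_names=['Rex'])}")
```

At the assumed rate the six-letter, single-case password is exhausted in under a second, which is the point of the "8+ characters" and mixed-character rules.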

Page 24: Job seekers defense against spammers/spambots Sept 7, 2012

Resist the urge to save passwords as cookies and become prey to the Dark Side

Page 25: Job seekers defense against spammers/spambots Sept 7, 2012

Use www.lastpass.com instead

• Works on desktop, notebook, tablet, smartphones

• Windows, Apple, Linux

• Browsers: Internet Explorer, Firefox, Chrome, Apple Safari, Opera

• It’s free!

Page 26: Job seekers defense against spammers/spambots Sept 7, 2012

How can LastPass.com help?

• It securely stores your passwords in an easy to find place for all your internet devices

• It generates unique passwords for you

• It automatically logs on for you (with permission)

• It can coach you to better security

• But DO NOT record your master password on your computer or in the cloud

Page 27: Job seekers defense against spammers/spambots Sept 7, 2012

Page 28: Job seekers defense against spammers/spambots Sept 7, 2012

The LastPass Security Challenge can help you make passwords hack-proof

Page 29: Job seekers defense against spammers/spambots Sept 7, 2012

Page 30: Job seekers defense against spammers/spambots Sept 7, 2012

If you record your password or hints – LIE!

Intentionally write down your password wrong, in a way that YOU know what it really is. If someone else tries it, they won't be able to hack you.

Page 31: Job seekers defense against spammers/spambots Sept 7, 2012

Spammers are wolves in sheep’s clothing.

Is it easy to expose them? Yes!

Page 32: Job seekers defense against spammers/spambots Sept 7, 2012

What if our browsers could call out scammers like that late 80's TV ad did for car salesman Joe Isuzu? (i.e. "He's Scamming")

There is an app for that and it’s easy!

Page 33: Job seekers defense against spammers/spambots Sept 7, 2012

Go to mywot.com - download this browser add-on, refresh browser.

It works for smartphones, tablets, notebooks, desktops, Windows/Apple/Linux, browsers Internet Explorer, Firefox, Chrome, Safari, Opera.

Page 34: Job seekers defense against spammers/spambots Sept 7, 2012

Note: Web of Trust rates trustworthiness.

Among other things, that includes unsuitable content such as porn and hate speech, sites that may do identity theft, malicious sites, unreliable online business sites, and scammers.

The WOT app is like the Oil Gauge or Check Engine light on your car’s dashboard. When the WOT red circle appears, you decide if you are still interested in the site.

Page 35: Job seekers defense against spammers/spambots Sept 7, 2012

Once you download the WOT app on your browser, a ring will appear, usually by the URL, to indicate the trustworthiness of the site with a score of 0-100.

Score typically 100-80

Score typically 50-0

Page 36: Job seekers defense against spammers/spambots Sept 7, 2012

Example: WOT Finds a Scam

Page 37: Job seekers defense against spammers/spambots Sept 7, 2012

Rubbish Alert: Picture of a beautiful person living in Mountain View, California, that’s probably from Manila. (tools to prove it) Why did “John” and a couple of others sign this same post as “Andrea?” (Hint: he may not even know how to speak English – read on)

Page 38: Job seekers defense against spammers/spambots Sept 7, 2012

Why is his profile missing? Hmmm…

Page 39: Job seekers defense against spammers/spambots Sept 7, 2012

“John Duggan” sez you gotta click this site….

Page 40: Job seekers defense against spammers/spambots Sept 7, 2012

….but look at the top of your browser (right corner if Chrome) – it’s zoomed in on this slide

The WOT add-on rated this site with a scarlet circle with a rating of 5 out of 100 – how fast should you run?

www.realwritingjobs.com claims to be an easy way to make money at home as an online writer…

Page 41: Job seekers defense against spammers/spambots Sept 7, 2012

How it looks in Internet Explorer – see the red circles?

Page 42: Job seekers defense against spammers/spambots Sept 7, 2012

How it looks in Apple Safari: warning is front and center

Page 43: Job seekers defense against spammers/spambots Sept 7, 2012

If you really want to investigate realwritingjobs.com, on your browser, swipe and right-click it to activate your fav search engine. Google found a site revealing it’s a borderline scam site: you will probably pay more in fees than you will make in publishing articles.

Page 44: Job seekers defense against spammers/spambots Sept 7, 2012

Really Creepy Sites

The ones with the popups. When you leave, popups will beg you to stay, sometimes even physically keeping you from leaving. In those instances, close the browser; if necessary, kill it with Task Manager (search or run taskmgr.exe) or even shut the computer down.

Examples of such sites are “scareware” sites that make it seem your PC is infected with hundreds of viruses in an attempt to make you buy.

Page 45: Job seekers defense against spammers/spambots Sept 7, 2012

Q: How do you tell a forum/group spammer?

A: They don’t talk back – just like that empty chair

Page 46: Job seekers defense against spammers/spambots Sept 7, 2012

Related: Don’t feed trollers/flamers on LinkedIn Groups

Besides: Employers can SEE you!

Page 47: Job seekers defense against spammers/spambots Sept 7, 2012

• What is a troller? Anyone that joins a group/forum simply to disrupt. In person, few are brazen enough to pee in a public swimming pool or scream “Fire” in a theater, but on the net losers do it all the time.

• Flamer/agitator: Occasionally a person will be obsessed with ONE topic to the exclusion of everything else in their life, often of the socio/political variety. They rant on it and badger others to agree, often with an extremist viewpoint.

• Arguments on forums are a bad idea. On the phone or in person, people can sense “Enough!”, but on forums people often go well beyond that and get enraged. There are other reasons too, such as being anonymous.

Page 48: Job seekers defense against spammers/spambots Sept 7, 2012

I recently opined on a LinkedIn Pet Group, then was flamed by a couple of Animal Rights members that said I was not current on that topic. I asked for links, but they spent far more energy ranting, demanding I blindly be a yes-man to these strangers, then childishly hated on every character I typed.

So I unjoined that LinkedIn Group and reported one of them to LinkedIn…she had nothing in her profile: No location, profession, nothing – so why is a non-professional on LinkedIn?

Page 49: Job seekers defense against spammers/spambots Sept 7, 2012

Moral of the story: Don’t argue with idiots. They will bring you down to their level then beat you with experience.

Seriously, act like a shopkeeper on social media such as LinkedIn, Facebook, Twitter, anything. Shopkeepers bite their tongue on hot topics such as politics, don’t argue – just be nice to all and get their business!

Page 50: Job seekers defense against spammers/spambots Sept 7, 2012

Sometimes it's better to just get a new email

● The old email may be impossible to clean up

● Just be very selective on the use of your new email

● Some email services such as Microsoft Outlook make it easy to go into new mail/old email

Page 51: Job seekers defense against spammers/spambots Sept 7, 2012

Web email with best spam filters

● Gmail

● Hotmail (respectable 2nd)

● Yahoo (well behind)

Page 52: Job seekers defense against spammers/spambots Sept 7, 2012

If you are concerned with the Google search engine revealing your privacy, consider www.startpage.com

Page 53: Job seekers defense against spammers/spambots Sept 7, 2012

Emails in general

● Again, check for no subject, suspicious or ALL CAPS subject

● Hover over the sender – you should see their email. Does the name look machine-generated, have a product name in it, or otherwise just odd? It may be a spammer

● Many job seekers abandon their email after landing. You should continue to network, but if you retire that email, change the password to a long phrase to hack-proof it.
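
The warning signs from the Yahoo Job Groups and Emails-in-general slides, written as a small triage function; this is an added Python example, not part of the original deck. The sample messages, the `example.test` addresses and the six-word cut-off for a "generic message around the link" are constructed assumptions.

```python
import re
from email import message_from_string

GROUP_TAG = re.compile(r"^\s*\[[^\]]+\]\s*")   # leading "[GroupName]" tag
URL = re.compile(r"https?://\S+", re.IGNORECASE)
MAX_FILLER_WORDS = 6  # assumed cut-off for "generic message around the link"


def text_body(msg):
    """Concatenate the text/plain parts of a parsed message."""
    chunks = []
    for part in msg.walk():
        if part.get_content_type() == "text/plain":
            data = part.get_payload(decode=True) or b""
            chunks.append(data.decode("utf-8", "replace"))
    return "\n".join(chunks)


def triage(raw_message):
    """Return the slides' warning signs that a raw message shows."""
    msg = message_from_string(raw_message)
    subject = GROUP_TAG.sub("", msg.get("Subject", "")).strip()
    body = text_body(msg)
    flags = []
    if not subject:                       # nothing after the bracketed group name
        flags.append("no subject")
    letters = [c for c in subject if c.isalpha()]
    if len(letters) >= 4 and all(c.isupper() for c in letters):
        flags.append("all-caps subject")
    links = URL.findall(body)
    filler = URL.sub(" ", body).split()   # words left once links are removed
    if links and not filler:
        flags.append("body is only a link")
    elif links and len(filler) <= MAX_FILLER_WORDS:
        flags.append("short generic text around a link")
    return flags


# Constructed sample messages (not real mail).
LINK_ONLY = ("From: a@example.test\nSubject: [ExampleJobsGroup]\n\n"
             "http://example.test/abc\n")
CAPS = ("From: b@example.test\nSubject: VACATION PROBLEM\n\n"
        "I'm writing this with tears in my eyes, we were mugged on vacation.\n")
COMMENT_SPAM = ("From: c@example.test\nSubject: [ExampleJobsGroup] hello\n\n"
                "Great post, check this out http://example.test/x\n")
NORMAL = ("From: d@example.test\n"
          "Subject: [ExampleJobsGroup] Network engineer opening in Austin\n\n"
          "Hi all, my former employer is hiring a network engineer. Details "
          "are at https://example.test/jobs/123 and I can refer you.\n")

if __name__ == "__main__":
    for name in ("LINK_ONLY", "CAPS", "COMMENT_SPAM", "NORMAL"):
        print(name, triage(globals()[name]))
```

A flag is a reason to investigate before clicking, not a verdict; a legitimate short subject in capitals will also trip the all-caps rule.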

Page 54: Job seekers defense against spammers/spambots Sept 7, 2012

One way of publishing your email:

WoodcreekJobSeeker AT Gmail DOT COM

instead of [email protected]

…this may defeat spambots doing identity theft

Yes, this is a bit paranoid, and optional

Page 55: Job seekers defense against spammers/spambots Sept 7, 2012

"I'm not a Network Engineer so how do I find potential spyware and other junk on my Windows PC?"

Download Soluto.com

Page 56: Job seekers defense against spammers/spambots Sept 7, 2012

What's Soluto.com?

• A free download for individual Windows desktop/notebook users.

• In a user-friendly way, it identifies on future boots items that are potentially useless, harmful, or invade your privacy

• Soluto and internet users opine on whether the services you boot up with are good/bad or spy on you, and give you reasons why.

Page 57: Job seekers defense against spammers/spambots Sept 7, 2012

How not to look like a spammer

Make a brief introduction – who you are and where you met. Spammers and trollers are notorious for not identifying themselves, so an intro puts your audience at ease.

Page 58: Job seekers defense against spammers/spambots Sept 7, 2012

Avoid participating in Chain Letters

In many cases, they are playing on fears, superstitions, or part of a multimarketing scheme…do you want to be associated with that?

Page 59: Job seekers defense against spammers/spambots Sept 7, 2012

A really extreme way to avoid viruses and malware: ditch Windows

Does not always work, but Linux and Apple are much smaller targets.
