Organized Spam: Today's Racket
● Globally costing us $130B in 2009
● A list of a million emails cost $25 or less
● Spammers paid nearly nothing in 3rd world
● They pay $600 for WinRumer to generate countless spambots to trash sites, steal your identity
● It's so cheap they blast it to everybody
● They are often beyond jurisdiction
Job Seeker's Defense Against Spammers – Sept 2012 – Chuck Thomas
Today’s Takeaways
• How passwords are hacked and avoiding it.
• How to identify links you should not click.
• How to effortlessly retrieve unique hard-to-crack passwords in a secure place. (www.lastpass.com)
• Easy/free browser tools to confirm your bad feeling a site is creepy. (www.mywot.com)
What's their game?
● Hack your email to spam for them – break into your other accounts.
● Pose as legitimate organizations and ask for your credit card, Social Security, other personal information. This is known as Phishing.
● To get money directly from you if you are foolish enough.
What's their target?
The entire planet.
Some of the incredibly stupid spam is targeted to attack incredibly clueless people that respond.
They are relentless, esp. the Borg-like spambots…they will “assimilate” your PC into zombies to spam for them if possible.
Where are they from?
As just mentioned, spammers could hijack your PC to spam for them. Spam sites tend to be in East or South Asia, former Soviet states, accessed by either locals or Americans.
Much of this is common sense
● Don't rush
● Ignore any “call for action” urging you to click
● Investigate
1st – The Basics
Have a recent and FULL backup on DVDs ($25) or external hard drive (about $85)
Backup hardware is the only expense needed in this slideshow.
Google: EaseUS for free backup software
Need a Firewall to stop threats BEFORE they enter your computer
• Windows Vista / 7 / 8 users activate it inside the Control Panel (Windows Firewall)
• If using older Windows (like XP) – download Microsoft Security Essentials (free) or a free personal firewall from COMODO.com
Then you need an anti-virus product to kill the intruders that get thru the firewall. These products have free versions:
● Microsoft Security Essentials (includes a firewall)
● AVG
● Avast
Run a FULL anti-virus scan weekly, overnight.
Need to keep current on Microsoft updates, as most address security.
Trivia: Microsoft typically does their updates the 2nd Tuesday of the month after 3pm Dallas time.
It’s known as “Patch Tuesday”
When Installing software, consider opting out of most/all options
• Toolbar add-ons are notorious for having spyware
• Notifications for updates, while legit, do slow down your computer’s boot, and could compromise your privacy
Remember this one thing!
Password Hacking Spambots
● AAAAAA
● AAAAAB
● AAAAAC
● …etc, etc.
● if you have a short and simple password, this brute force attempt WILL burn you if you don't change it periodically.
Yahoo Job Groups
● Very spam-ridden unless moderated
● Suspect emails if no subject following the Yahoo Group name in brackets
● If content is just a link – delete as spam
● If content has a generic message around the link (i.e. comment spam) – it's likely spam
● If you know the person – contact them!
● If you have been hacked by a spammer, change your password and do a full anti-virus scan
Another danger: Clicking without forethought
Spammers LOVE people who are too busy!
Great way to catch malware
What is Phishing?
A fraudulent email claiming to be from an organization urging you to give out a password, Social Security number, credit card #, etc. NEVER do this!
The easiest way to expose many of the phishing scams is to select the body of the email, right-click, and do a Google search…it’s probably reported on sites like www.snopes.com.
If you right-click the URLs of the “official” images – they will often look 3rd party – not like the organization they claim to be.
Example on next two slides….
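The image-URL check described above can be automated. This is an added example, not part of the original slides: it lists the image and link URLs in an HTML email body whose host is not under the domain of the organization the message claims to be from. The domain `bank.example`, the sample message and all function names are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse


class UrlCollector(HTMLParser):
    """Collects (tag, url) pairs from <img src> and <a href>."""

    def __init__(self):
        super().__init__()
        self.urls = []

    def handle_starttag(self, tag, attrs):
        wanted = {"img": "src", "a": "href"}.get(tag)
        self.urls += [(tag, v) for k, v in attrs if k == wanted and v]


def belongs_to(host, org_domain):
    """True if host is the organization's domain or a subdomain of it."""
    host, org_domain = host.lower().rstrip("."), org_domain.lower()
    return host == org_domain or host.endswith("." + org_domain)


def third_party_urls(html_body, org_domain):
    """Return image/link URLs whose host is not under org_domain."""
    collector = UrlCollector()
    collector.feed(html_body)
    flagged = []
    for tag, url in collector.urls:
        parts = urlparse(url)
        if parts.scheme not in ("http", "https"):
            continue  # skip cid:, mailto:, data: (no remote web host to compare)
        if not belongs_to(parts.hostname or "", org_domain):
            flagged.append((tag, url))
    return flagged


# Constructed sample: a message claiming to come from "bank.example".
SAMPLE = """
<p>Dear customer, verify your account now.</p>
<img src="http://img-host.example.net/logos/bank.png">
<img src="https://www.bank.example/static/footer.png">
<a href="http://bank.example.secure-login.example.org/verify">Sign in</a>
"""

if __name__ == "__main__":
    for tag, url in third_party_urls(SAMPLE, "bank.example"):
        print(f"{tag}: {url}")
```

A flagged URL is a reason to investigate, not proof of fraud, since legitimate senders sometimes host images with third parties; the lookalike host that merely starts with the organization's name is the stronger signal.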
A Woodcreek member that didn't change her password
From: [email protected]
To: Way_too_many_business_contacts
Subject: VACATION PROBLEM
I'm writing this with tears in my eyes,my family and I came down here to UNITED KINGDOM for a short vacation unfortunately we were mugged at the park of the hotel where we stayed,all cash,credit card and cell were stolen off us but luckily for us we still have our passports with us...sob, sob, sob.
Swipe this, right-click and Google will expose this at snopes.com and other sites.
If a friend you know got hacked….
• Call or forward the email back to them!
• If you use Hotmail/Outlook – click “My friend’s been hacked!”
If you stop using an online account, seriously consider closing it.
Why?
Idle email, Twitter, other accounts WILL eventually get hacked by spambots
“Crap! Knew I should have changed that short password last year”
Spambot: “Bet you used the same password for your Twitter, bank accounts – that’s next!”
Strong Passwords
● 8+ characters
● Mixing alpha, numbers, special characters is better
● Avoid Family/Pet names
● Routinely incrementing by number or date is better
● Do not use the same password for other accounts.
● If your browser offers to remember passwords – Don't!
There is an easy way to do this, answer in a couple of slides.
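To put numbers on the AAAAAA, AAAAAB, AAAAAC counting from the "Password Hacking Spambots" slide and on the length and character-mixing advice above, here is an added example (not from the original slides). It works out where a password falls in that counting order and how long the whole space of its length would take to exhaust. The guess rate, the sample passwords and the function names are assumptions made for illustration.

```python
import string

# Character classes a guesser must cover; constructed for this example.
CLASSES = [string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation]

# Assumed online guess rate, for illustration only; real rates vary widely.
ASSUMED_GUESSES_PER_SECOND = 1_000


def alphabet_for(password):
    """Smallest union of character classes that contains every character."""
    used = [c for c in CLASSES if any(ch in c for ch in password)]
    alphabet = "".join(used)
    if any(ch not in alphabet for ch in password):
        raise ValueError("character outside the modelled classes")
    return alphabet


def guesses_until_hit(password, alphabet):
    """1-based position of password when every string of its length is tried
    in order (AAAAAA, AAAAAB, AAAAAC, ...), i.e. a base-N counter."""
    base = len(alphabet)
    position = 0
    for ch in password:
        position = position * base + alphabet.index(ch)
    return position + 1


def worst_case_days(password, rate=ASSUMED_GUESSES_PER_SECOND):
    """Days to exhaust every candidate of this length over its alphabet."""
    keyspace = len(alphabet_for(password)) ** len(password)
    return keyspace / rate / 86_400


if __name__ == "__main__":
    for pw in ("AAAAAC", "ZZZZZZ", "Tr7#kQ9!"):  # constructed samples
        alpha = alphabet_for(pw)
        print(f"{pw!r}: alphabet={len(alpha)}, "
              f"position={guesses_until_hit(pw, alpha)}, "
              f"worst case={worst_case_days(pw):,.1f} days")
```

At the assumed rate, six uppercase letters are exhausted in under four days, while eight characters drawn from all four classes take on the order of a hundred thousand years.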
Resist the urge to save passwords as cookies and become prey to the Dark Side
Use www.lastpass.com instead
• Works on desktop, notebook, tablet, smartphones
• Windows, Apple, Linux
• Browsers Internet Explorer, Firefox, Chrome, Apple Safari, Opera
• It’s free!
How can LastPass.com help?
• It securely stores your passwords in an easy to find place for all your internet devices
• It generates unique passwords for you
• It automatically logs on for you (with permission)
• It can coach you to better security
• But DO NOT record your master password on your computer or in the cloud
The LastPass Security Challenge can help you make passwords hack-proof
If you record your password or hints – LIE!
Intentionally write down your password wrong in a way YOU know what it really is. If someone else tries it they won't be able to hack you.
Spammers are wolves in sheep’s clothing.
Is it easy to expose them? Yes!
What if our browsers could call out scammers like that late 80's TV ad did for car salesman Joe Isuzu? (i.e. "He's Scamming")
There is an app for that and it’s easy!
Go to mywot.com - download this browser add-on, refresh browser.
It works for smartphones, tablets, notebooks, desktops, Windows/Apple/Linux, browsers Internet Explorer, Firefox, Chrome, Safari, Opera.
Note: Web of Trust rates trustworthiness.
Among other things, that includes unsuitable content such as porn and hate speech, sites that may do identity theft, malicious sites, unreliable online business sites, and scammers.
The WOT app is like the Oil Gauge or Check Engine light on your car’s dashboard. When the WOT red circle appears, you decide if you are still interested in the site.
Once you download the WOT app on your browser, a ring will appear – usually by the URL – to indicate the trustworthiness of the site with a score 0-100.
Score typically 100-80
Score typically 50-0
Job Seeker's Defense Against Spammers – September 7, 2012
Example: WOT Finds a Scam
Rubbish Alert: Picture of a beautiful person living in Mountain View, California, that’s probably from Manila. (tools to prove it) Why did “John” and couple others sign this same post as “Andrea?” (Hint: he may not even know how to speak English – read on)
Why is his profile missing? Hmmm…
“John Duggan” sez you gotta click this site….
….but look at the top of your browser (right corner if Chrome) – it’s zoomed in on this slide
The WOT add-on rated this site with a scarlet circle with a rating of 5 out of 100 – how fast should you run?
www.realwritingjobs.com claims to be an easy way to make money at home as an online writer…
How it looks in Internet Explorer – see the red circles?
How it looks in Apple Safari: warning is front and center
If you really want to investigate realwritingjobs.com, on your browser, swipe and right-click it to activate your fav search engine. Google found a site revealing it’s a borderline scam site: you will probably pay more in fees than you will make in publishing articles.
Really Creepy Sites
The ones with the popups. When you leave, popups will beg you to stay, sometimes even physically keeping you from leaving. In those instances, close the browser, killing it with Task Manager (search for or run taskmgr.exe) if necessary, or even shut the computer down.
Examples of such sites are “scareware” that makes it seem your PC is infected with hundreds of viruses in an attempt to make you buy.
Q: How do you tell a forum/group spammer?
A: They don’t talk back – just like that empty chair
Related: Don’t feed trollers/flamers on LinkedIn Groups
Besides: Employers can SEE you!
• What is a troller? Anyone that joins a group/forum simply to disrupt. In person, few are brazen enough to pee in a public swimming pool or scream “Fire” in a theater, but on the net losers do it all the time.
• Flamer/agitator: Occasionally a person will be obsessed with ONE topic to the exclusion of everything else in their life, often of the socio/political variety. They rant on it and badger others to agree, often with an extremist viewpoint.
• Arguments on forums are a bad idea. On the phone or in person, people can sense “Enough!”, but on forums people often go well beyond that and get enraged. Being anonymous is another reason.
I recently opined on a LinkedIn Pet Group, then was flamed by a couple of Animal Rights members that said I was not current on that topic. I asked for links, but they spent far more energy ranting, demanding I blindly be a yes-man to these strangers, then childishly hated on every character I typed.
So I unjoined that LinkedIn Group and reported one of them to LinkedIn…she had nothing in her profile: No location, profession, nothing – so why is a non-professional on LinkedIn?
Moral of the story: Don’t argue with idiots. They will bring you down to their level then beat you with experience.
Seriously, act like a shopkeeper on social media such as LinkedIn, Facebook, Twitter, anything. Shopkeepers bite their tongue on hot topics such as politics, don’t argue – just be nice to all and get their business!
Sometimes it's better to just get a new email
● The old email may be impossible to clean up
● Just be very selective on the use of your new email
● Some email services such as Microsoft Outlook make it easy to go into new mail/old email
Web email with best spam filters
● Gmail
● Hotmail (respectable 2nd)
● Yahoo (well behind)
If you are concerned with the Google search engine revealing your privacy, consider www.startpage.com
Emails in general
● Again, check for no subject, suspicious or ALL CAPS subject
● Hover over the sender – you should see their email. Does the name look machine-generated, have a product name in it, or otherwise just odd? It may be a spammer
● Many job seekers abandon their email after landing. You should continue to network, but if you retire that email, change the password to a long phrase to hack-proof it.
One way of publishing your email:
WoodcreekJobSeeker AT Gmail DOT COM
instead of [email protected]
…this may defeat spambots doing identity theft
Yes, this is a bit paranoid, optional
"I'm not a Network Engineer so how do I find potential spyware and other junk on my Windows PC?"
Download Soluto.com
What's Soluto.com?
• A free download for individual Windows desktop/notebook users.
• In a user-friendly way, it identifies on future boots items that are potentially useless, harmful, or invade your privacy
• Soluto and internet users opine on whether the services you boot up with are good or bad or spy on you, and give you reasons why.
How not to look like a spammer
Make a brief introduction – who you are and where you met. Spammers and trollers are notorious for not identifying themselves, so an intro puts your audience at ease.
Avoid participating in Chain Letters
In many cases, they are playing on fears, superstitions, or part of a multimarketing scheme…do you want to be associated with that?
A really extreme way to avoid viruses and malware: ditch Windows
Does not always work, but Linux and Apple are much smaller targets.