Job seekers defense against spammers/spambots Sept 7, 2012

Organized Spam: Today's Racket

● Globally costing us $130B in 2009

● A list of a million emails cost $25 or less

● Spammers paid nearly nothing in 3rd world

● They pay $600 for WinRumer to generate countless spambots to trash sites, steal your identity

● It's so cheap they blast it to everybody

● They are often beyond jurisdiction

Job Seeker's Defense Against Spammers – Sept 2012 – Chuck Thomas


Today’s Takeaways

• How passwords are hacked and avoiding it.

• How to identify links you should not click.

• How to effortlessly retrieve unique hard-to-crack

passwords in a secure place. (www.lastpass.com)

• Easy/free browser tools to confirm your bad feeling a

site is creepy. (www.mywot.com)

What's their game?

● Hack your email to spam for them – break into your other accounts.

● Pose as legitimate organizations and ask for your credit card, Social Secruity, other personal information. This is known as Phishing.

● To get money directly from you if you are foolish enough.


What's their target?

The entire planet.

Some of the incredibly stupid spam is targeted to attack incredibly clueless people that respond.

They are relentless, esp. the Borg-like spambots…they will “assimilate” your PC into zombies to spam for them if possible.


Where are they from?

As just mentioned, spammers could hijack your PC to spam for them. Spam sites tend to be in East or South Asia, former Soviet states, accessed by either locals or Americans.


Much of this is common sense

● Don't rush

● Ignore any “call for action” and click

● Investigate


1st – The Basics

Have a recent and FULL backup on DVDs ($25) or external hard drive (about $85)

Backup hardware is the only expense needed in this slideshow.

Google: EaseUS for free backup software


Need a Firewall to stop threats BEFORE they enter your computer

• Windows Vista / 7 / 8 users activate it inside the Control Panel (Windows Firewall)

• If using older Windows (like xp) – download Microsoft Security Essentials (free) or a free personal firewall from COMODO.com



Then you need an anti-virus product to kill the intruders that get thru the firewall. These products have free versions:

● Microsoft Security Essentials (includes a firewall)

● AVG

● Avast

A FULL anti-virus scan weekly overnight.

Need to keep current on Microsoft updates, as most address security.

Trivia: Microsoft typically does their updates the 2nd Tuesday of the month after 3pm Dallas time.

It’s known as “Patch Tuesday”


When Installing software, consider opting out of most/all options

• Toolbar add-ons are notorious for having spyware

• Notifications for update, while legit, do slow down your computer’s boot, and could compromise your privacy



Remember this one thing!

Password Hacking Spambots

● AAAAAA

● AAAAAB

● AAAAAC

● …etc, etc.

● if you have a short and simple password, this brute force attempt WILL burn you if you don't change it periodically.


Yahoo Job Groups

● Very spam-ridden unless moderated

● Suspect emails if no subject following the Yahoo Group name in brackets

● If content if just a link – delete as spam

● If content has a generic message around the link (i.e. comment spam) – it's likely spam

● If you know the person – contact them!

● If you have been hacked by a spammer, change your password and do a full anti-virus scanner


Another danger: Clicking without forethought

Spammers LOVE people who are too busy!

Great way to catch malware


What is Phishing?

A fraudulent email claiming to be from an organization urging you to give out a password, Social Security number, credit card #, etc. NEVER do this!

The easiest way to expose many of the phishing scams is select the body of the email, right-click, and do a Google search…it’s probably reported on sites like www.snopes.com.

If you right-click the URLs of the “official” images – they will often look 3rd party – not like the organization they claim to be.

Example on next two slides….


http://www.snopes.com/

> Continued…



A Woodcreek member that didn't change her password

From: [email protected]

To: Way_too_many_business_contacts

Subject: VACATION PROBLEM

I'm writing this with tears in my eyes,my family and I came down here to UNITED KINGDOM for a short vacation unfortunately we were mugged at the park of the hotel where we stayed,all cash,credit card and cell were stolen off us but luckily for us we still have our passports with us...sob, sob, sob.

Swipe this, right-click and Google will expose this at snopes.com and other sites.


If a friend you know got hacked….

• Call or forward the email back to them!

• If you use Hotmail/Outlook – click “My friend’s been hacked!”


If you stop using an online account, seriously consider closing it.

Why?

Idle email, Twitter, other accounts WILL eventually get hacked by spambots



“Crap! Knew I should have changed that short password last year”

Spambot: “Bet you used the same password for your Twitter, bank accounts – that’s next!”

Strong Passwords

● 8+ characters

● Mixing alpha, numbers, special characters is better

● Avoid Family/Pet names

● Routinely incrementing by number or date is better

● Do not use the same password other accounts.

● If your browser offers to remember passwords – Don't!

There is an easy way to do this, answer in a couple of slides.


Resist the urge to save passwords as cookies and become prey to the Dark Side


Use www.lastpass.com instead

• Works on desktop, notebook, tablet, smartphones

• Windows, Apple, Linux

• Browsers Internet Explorer, Firefox, Chrome, Apple Safari, Opera

• It’s free!


http://www.lastpass.com/

How can LastPass.com help?

• It securely stores your passwords in an easy to find place for all your internet devices

• It generates unique passwords for you

• It automatically logs on for you (with permission)

• It can coach you to better security

• But DO NOT record your master password on your computer or in the cloud



The LastPass Security Challenge can help you make passwords hack-proof



If you record your password or hints – LIE!

Intentionally write down your password wrong in a way YOU know what it really is. If someone else tries it they won't be able to hack you.


Spammers are wolfs in sheep’s clothing.

Is it easy to expose them? Yes!


What if our browsers could call out scammers like that late 80's TV ad did for car salesman Joe Izuzu? (i.e. "He's Scamming")

There is an app for that and it’s easy!


Go to mywot.com - download this browser add-on, refresh browser.

It works for smartphones, tablets, notebooks, desktops, Windows/Apple/Linux, browsers Internet Explorer, Firefox, Chrome, Safari, Opera.


Note: Web of Trust rates trustworthniess.

Among other things, that includes unsuitable content such as porn and hate speech, sites that may do identity theft, malicious sites, unreliable online business sites, and scammers.

The WOT app is like the Oil Gauge or Check Engine light on your car’s dashboard. When the WOT red circle appears, you decide if you are still interested in the site.

Once you download the WOT app on your browser, a ring will appear – usually by the URL to indicate the trustworthness of the site with a score 0-100.


Score typically 100-80

Score typically 50-0

Job Seeker's Defense Against Spammers – September 7, 2012

Example: WOT Finds a Scam


Rubbish Alert: Picture of a beautiful person living in Mountain View, California, that’s probably from Manila. (tools to prove it) Why did “John” and couple others sign this same post as “Andrea?” (Hint: he may not even know how to speak English – read on)


Why is his profile missing? Hmmm…


“John Duggan” sez you gotta click this site….


….but look at the top of your browser (right corner if Chrome) – it’s zoomed in on this slide

The WOT add-on rated this site with a scarlet circle with a rating of 5 out of 100 – how fast should you run?

www.realwritingjobs.com claims to be an easy way to make money at home as an online writer…


http://www.realwritingjobs.com/

How it looks in Internet Explorer – see the red circles?


How it looks in Apple Safari: warning is front and center


If you really want to investigate realwritingjobs.com, on your browser, swipe and right-click it to activate your fav search engine. Google found a site revealing it’s a borderline scam site you will probably pay more in fees than you will make in publishing articles.


http://www.realwritingjobs.com/

Really Creepy Sites

The ones with the popups. When you leave, popups will beg you to stay, sometimes even physically keeping you from leaving. In those instances, close the browser, killing it with Task Manager (search or run taskmgr.exe) is necessary, or even shutting the computer down.

Examples of such sites are “scareware” that makes it seem your PC is infected with hundreds of viruses in an attempt to make you buy.

Q: How do you tell a forum/group spammer?

A: They don’t talk back – just like that empty chair


Related: Don’t feed trollers/flamers on LinkedIn Groups

Besides: Employers can SEE you!


• What is a troller? Anyone that joins a group/forum simply to disrupt. In person, few are brazen enough to pee in a public swimming pool or scream “Fire” in a theater, but on the net losers do it all the time.

• Flamer/agitator: Occasionally a person will be obsessed with ONE topic to the exclusion of everything else in their life, often of the socio/political variety. They rant on it and badger others to agree, often with an extremist viewpoint.

• Arguments on forums are a bad idea. On the phone or in person, people can sense “Enough!”, but on forums people often go well beyond that and get enraged. Other reasons such as being anonymous.


I recently opined on a LinkedIn Pet Group, then was flamed by a couple of Animal Rights members that said I was not current on that topic. I asked for links, but they spend far more energy ranting demanding I blindly be a yes-man to these strangers, then childishly hated on every character I typed.

So I unjoined that LinkedIn Group and reported one of them to LinkedIn…she had nothing in her profile: No location, profession, nothing – so why is a non-professional on LinkedIn?


Moral of the story: Don’t argue with idiots. They will bring you down to their level then beat you with experience.

Seriously, act like a shopkeeper on social media such as LinkedIn, Facebook, Twitter, anything. Shopkeepers bite their tongue on hot topics such as politics, don’t argue – just be nice to all and get their business!


Sometimes it's better to just get a new email

● The old email may be impossible to clean up

● Just be very selective on the use of your new email

● Some email services such as Microsoft Outlook make it easy to go into new mail/old email


Web email with best spam filters

● Gmail

● Hotmail (respectable 2nd)

● Yahoo (well behind)


If you are concerned with the Google search engine revealing your privacy, consider www.startpage.com


Emails in general

● Again, check for no subject, suspicious or ALL CAPS subject● Hover over the sender – you should see their email. Does the name look machine-generated, have a product name in it, or otherwise just odd? It may be a spammer● Many job seekers abandon their email after landing. You should continue to network, but if you retire that email, change the password to a long phrase to hack-proof it.


One way of publishing your email:

WoodcreekJobSeeker AT Gmail DOT COM

instead of [email protected]

…this may defeat spambots doing idenity theft

Yes, this is a bit parnoid, optional


"I'm not a Network Engineer so how do I find potential spyware and other junk on my Windows PC?"

Download Soluto.com


What's Soluto.com?

• A free download for individual Windows desktop/notebook users.

• In a user-friendly way, it identifies on future boots items that are potentially useless, harmful, or invade your privacy

• Soluto and internet users opin on the services you boot up with if they are good/bad, spy on you and give you reasons why.


How not to look like a spammer

Make a brief introduction – who you are and where you met. Spammers and trollers are notorious for not identifying themselves, so an intro puts your audience at ease.


Avoid participating in Chain Letters

In many cases, they are playing on fears, superstitions, or part of a multimarketing scheme…do you want to be associated with that?


A really extreme way to avoid viruses and malware: ditch Windows

Does not always work, but Linux and Apple are much smaller targets.


Career

Job seekers defense against spammers/spambots Sept 7, 2012