Vital Internet Security Alerts and Information for the
everyday Non-technical Computer user, Internet User and
Web Surfer who just wants to be safe doing basic stuff
without the hassle of viruses, spyware, or worse.
I'm very pleased that you're here today, and that you're
concerned about your computer and Mobile security and family
Internet Safety. I look forward to your early return to
the Security Alert Blog.
"Some software applications
have default settings that allow other users to access
your computer unless you change the settings to be more
secure. Examples include chat programs that let
outsiders execute commands on your computer or web
browsers that could allow someone to place harmful
programs on your computer that run when you click on
Unfortunately, intruders are always discovering new
vulnerabilities (informally called "holes") to exploit
in computer software. The complexity of software makes
it increasingly difficult to thoroughly test the
security of computer systems.
When holes are discovered, computer vendors will usually
develop patches to address the problem(s).
However, it is up to you, the user, to obtain and
install the patches, or correctly configure the software
to operate more securely.
Most of the incident reports of computer break-ins
received at the CERT/CC could have been prevented if
system administrators and users kept their computers
up-to-date with patches and security fixes."
is a trusted partner and authoritative source in
cyberspace for the Federal Government; SLTT governments;
private industry; and international organizations.
refund fraud affects hundreds of thousands, if not
millions, of U.S. citizens annually.
try to visit the
KrebsOnSecurity blog at least weekly. It's a
powerful resource for keeping up to date with the cyber
criminal activities going on that pose silent threats to
all of us.
There is always so much good material there that it
would be difficult to share it all with you directly -
the best I can do is remind you of what is trending and
encourage you to read Brian Krebs's comments and advice.
For example, read his timely posts on Tax Refund
"Victims usually first learn of the crime
after having their returns rejected because scammers
beat them to it. Even those who are not required to file
a return can be victims of refund fraud, as can those
who are not actually due a refund from the IRS.
'DON’T BE THE NEXT VICTIM
While there isn’t a great deal you can do to stop
someone at your employer from falling for one of these
W-2 phishing scams, there are some steps you can take to
make it less likely that you will be the next victim of
tax refund fraud:"
Brian Krebs has featured several stories about “overlay”
card and PIN skimmers made to be snapped in-place atop Ingenico-brand
card readers at store self-checkout lanes.
Here's his revisit of the topic because a security
technician at a U.S.-based retailer recently shared a
few photos of several of these devices pulled from
compromised card terminals, and the images and his story
offer more detail than in previous articles.
Visit Mr. Krebs's blog to see how diabolically clever the
thieves are who created the skimming cover for this
In his earlier article, Mr. Krebs mentioned that there
are countless nationwide retailers that have hundreds of
thousands of these Ingenico devices installed in
self-checkout lanes, and that in turn means millions of
employees and customers who are the first lines of
defense against skimmers.
The more people know about
what to look for in these fraud devices, the more likely
the fraudsters will lose their up-front investments —
and maybe even get busted trying to retrieve them.
See our post of Sep 5, 2015
"All About Skimmers -" for More
movies of the Indians circling the wagon train as they
attacked the brave pioneer settlers?
Looks like the same thing is happening - but with your
Mac under attack!
Yet another virus has been created to infect and steal
from your Mac's private files.
It's called "Xagent" and appears to have come from - you
guessed it - Russia.
And if you think Apple computers are still malware
immune, this new attack proves otherwise.
At the time of this writing, details pertaining to the
infection method and future capabilities of this malware
were still not confirmed.
However, the following tips to stay safe are based on
industry best practices and what is known about Xagent
for minimizing the possibility of being infected by it.
It's possible that the infection comes with a trojan
named Komplex. Found in late 2016 to be infecting Macs
through a combination of emails sent to specific
targeted users containing a PDF attachment that held the
Opening the PDF would lead to infecting the system.
This is a common ploy for infection from many trojans;
it's extremely important for users to practice safe
internet habits and not open or preview emails from
and under no circumstances should you ever open an
attachment that is sent to you from someone you don't
Password Do’s and Don’ts
Updates from KREBSonSecurity
Internet Of Things (IoT) connectivity with our daily
habits continues to develop with greater interest in the
amazing capabilities of the internet.
But, it also has spawned the malware that amplifies its
downside - a threat to your Internet Security.
Strong and secure passwords are essential to maintaining
the security of your Internet connections to the
fascinating World Wide Web.
So why not take a new look at the passwords you use? Are
they as secure as they were - now that the IoT is blossoming?
Here are a few tips from the
KrebsOnSecurity Blog for creating strong passwords. Take
a moment to review these, and consider strengthening
some of your passwords if they fall short.
►Create unique passwords that use a combination of words,
numbers, symbols, and both upper- and lower-case letters.
►Do not use your network username as your password.
►Don’t use easily guessed passwords, such as “password” or
►Do not choose passwords based upon details that may not be
as confidential as you’d expect, such as your birth date, your
Social Security or phone number, or names of family members.
►Do not use words that can be found in the dictionary.
Password-cracking tools freely available online often come with
dictionary lists that will try thousands of common names and
passwords. If you must use dictionary words, try adding a numeral
to them, as well as punctuation at the beginning or end of the
word, or both.
►Avoid using simple adjacent keyboard combinations: For
example, “qwerty” and “asdzxc” and “123456” are horrible
passwords that are trivial to crack.
►Some of the easiest-to-remember passwords aren’t words at all
but collections of words that form a phrase or sentence, perhaps
the opening sentence to your favorite novel, or the opening line
to a good joke. Complexity is nice, but length is key. It used to
be the case that picking an alphanumeric password that was
8-10 characters in length was a pretty good practice. No more!
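The tips above, written out as a checker. This is an example added here, not code from KrebsOnSecurity or from this blog. The word lists are tiny constructed samples, and the two length thresholds and all function names are assumptions.

```python
import re

# Constructed sample lists; a real check would load full word lists.
COMMON_PASSWORDS = {"password", "letmein", "welcome"}
DICTIONARY_WORDS = {"sunshine", "dragon", "monkey", "baseball"}
KEYBOARD_ROWS = ("1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm")

MIN_LENGTH = 12         # assumption: the tips only say 8-10 is no longer enough
PASSPHRASE_LENGTH = 20  # assumption: from here on, length replaces character mix


def _adjacent(a, b):
    """True if a and b are neighbouring keys on one keyboard row."""
    for row in KEYBOARD_ROWS:
        i, j = row.find(a), row.find(b)
        if i != -1 and j != -1 and abs(i - j) == 1:
            return True
    return False


def is_keyboard_walk(password):
    """True if the whole password is made of runs of 3+ neighbouring keys,
    which covers "qwerty", "123456" and row-hopping ones like "asdzxc"."""
    text = password.lower()
    if len(text) < 3:
        return False
    run = 1
    for prev, cur in zip(text, text[1:]):
        if _adjacent(prev, cur):
            run += 1
        else:
            if run < 3:
                return False
            run = 1
    return run >= 3


def _character_classes(password):
    """Count how many of lower, upper, digit and symbol are present."""
    return sum([
        any(c.islower() for c in password),
        any(c.isupper() for c in password),
        any(c.isdigit() for c in password),
        any(not c.isalnum() for c in password),
    ])


def check_password(password, username, personal_details=()):
    """Return the list of tips the password breaks (empty list = passes)."""
    findings = []
    lowered = password.lower()
    squashed = re.sub(r"[^a-z0-9]", "", lowered)

    if lowered == username.lower():
        findings.append("same-as-username")
    if lowered in COMMON_PASSWORDS:
        findings.append("easily-guessed")
    if lowered in DICTIONARY_WORDS:
        findings.append("dictionary-word")
    if is_keyboard_walk(password):
        findings.append("keyboard-pattern")
    # Birth dates, phone numbers, family names: supplied by the caller.
    for detail in personal_details:
        needle = re.sub(r"[^a-z0-9]", "", detail.lower())
        if len(needle) >= 4 and needle in squashed:
            findings.append("personal-detail")
            break
    if len(password) < MIN_LENGTH:
        findings.append("too-short")
    # A long phrase or sentence is accepted without every character class.
    if len(password) < PASSPHRASE_LENGTH and _character_classes(password) < 4:
        findings.append("limited-character-mix")
    return findings


if __name__ == "__main__":
    samples = ["qwerty", "asdzxc", "password", "Maria1975!",
               "It was the best of times, it was the worst of times"]
    for sample in samples:
        print(repr(sample), check_password(sample, "alice", ["Maria"]))
```
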
of us know how clever, and devious today's Cyber
criminals have become.
They always seem to be one step ahead of our security
professionals who must not only prepare defenses against
them, but need to anticipate what devious and malicious
ruse they will come up with next.
Although not all scams are initiated through malicious
messages, there is a new malware attack involving
bait-and-switch websites that you need to know about.
If you are a
Google Chrome user, this affects you.
Hackers have discovered another way to break into
websites that have weak security, so they can
fool visitors into downloading malware.
Here's how this malware scam works. Three factors are
needed for it to be successful:
1. Victim is using the Chrome Browser on a Windows
2. Victim lives in an English speaking country - The
U.S., U.K., Canada and Australia are being targeted.
3. Victim is sent to the malicious site through search
engine results (You would have to click the link to the
site that shows up in a search).
If all of these factors are in place, you could fall
victim to this attack.
websites. If you're using Chrome and click the link from
If you see a bunch of gibberish, or "diamonds,"
making it impossible to read, that's the scam result.
When you realize the page is unreadable, a fraudulent
Chrome message appears saying that "The
'HoeflerText' font wasn't found, which is why you
can't read the
page." You're then asked to update the "Chrome Font
Clicking on the Update button on this message will
infect your computer with click-fraud adware.
Hidden ads will be loaded and clicked on automatically.
This is how the criminal gets paid, by ripping off
legitimate ad networks.
At this time the risk to Chrome users is that their
computer is infected with click-fraud adware.
However, this scheme could change at a moment's notice.
The hacker could change the malicious link into
something worse, like encrypting ransomware.
The best defense is knowing what to look for. If you
visit a site and it asks you to download a font update,
do NOT do
You can remove "The
HoeflerText font wasn’t found" automatically with the
help of one of these programs: Reimage, Plumbytes,
Malwarebytes Anti Malware. These
applications are recommended because they can easily
delete potentially unwanted programs and viruses with
all their files and registry entries that are related to
of us share with the less fortunate during the Christmas
It's also an active period for Scammers and Cyber
crooks. As many times as we are reminded of the dangers,
the increasing cleverness of the ne'er-do-wells can still
trap us into taking the happy edge off of our holidays.
The Federal Trade Commission (FTC) publishes reminders
and case histories to Alert us, but who remembers to
check the FTC website?
Here's a reminder from the FTC Blog - and very
Make sure your money goes to real charities.
"As a reformed Ebenezer Scrooge shows us year after
year, the holidays are an important time to share with
people in need. Unfortunately, sometimes charity
scammers try to take advantage of your good will. And
even when you’re dealing with legitimate charities, it’s
still important to make sure a charity will spend your
donation the way you want it to. Always check out a
charity before you give."
Recent hacking and
malware activity has led me back to one of my most
trusted resources on Internet security, the
And if you have heard anything about the hacks and
Denials of Service associated with the IoT - the
Internet of Things - you should be cautious, too.
Especially when it comes to creating Passwords for
things like your Refrigerator, Network cameras, DVRs,
some printers and routers, etc.
Here's just one Important Tip on Password Do’s and
Don’ts from a recent Brian Krebs blog post:
Do not use words that can be found in the dictionary.
Password-cracking tools freely available online often
come with dictionary lists that will try thousands of
common names and passwords. If you must use dictionary
words, try adding a numeral to them, as well as
punctuation at the beginning or end of the word (or
Your mobile device is just as vulnerable
to online dangers as your computer.
You need to combat modern mobile malware & Internet
threats, protect your privacy, and safeguard personal
data, even if your device is lost or stolen, using a
proven Anti-virus program for your Android smartphone.
You need Immediate response to the latest threats which
are emerging all the time, plus -
* Premium protection against mobile malware
* Immediate response to new threats
* Detection of fraudulent and malicious links
* Remote control of lost or stolen devices
* Protection against phishing attempts
* Simple online management
According to TomsGuide, here are 5 top of the line
Android Anti-virus applications (Apps)
1. AVAST! MOBILE SECURITY & ANTIVIRUS
Best Overall Android Antivirus App
rated 9/10 (Superior)
2. BITDEFENDER MOBILE SECURITY Anti-virus
3. KASPERSKY INTERNET SECURITY FOR ANDROID
4. KASPERSKY INTERNET SECURITY FOR ANDROID
If a crook steals your ATM card, there
are only four little numbers standing between the bad
guy and the contents of your bank account.
What is the first
Personal Identification Number (PIN) the crook will try
in an attempt to clean you out? That would be 1234,
which is used by fully 11 percent of us as our ATM PIN
Nick Berry, a data scientist and founder
of Data Genetics, a Seattle technology consultancy,
analyzed 3.4 million four-digit PINs using the numerals
0 to 9; the PINs were previously released and exposed in
security breaches. Berry wanted to determine which PINs
were the most popular, and, therefore, left bank
accounts the most vulnerable.
He told The Exchange that he discovered a
"staggering lack of imagination" when it comes to
selecting PINs. Following close on the heels of 1234 are
1111 (6 percent) and 0000 (2 percent).
Bottom line: Fully 19 percent of
us use one of these three 4-digit PINs--and crooks know
And that's not all. More than a
quarter of all ATM PINs could be easily guessed by a
crook by just attempting 20 combinations of four-digit
That's astounding when you consider there are 10,000
different combinations of four-digit numbers that can be
created using numerals 0 to 9. "It's amazing how
predictable people are," Berry told The Exchange.
Why are we so predictable when
choosing our PINs? Two reasons. First, we don't like
numbers that are hard to remember. Second, we think
we'll never be the victim of theft or that we'll ever
lose our wallet.
The top 10 most popular ATM PINs:
The top 10 least popular ATM PINs:
Tips on how
NOT to choose a PIN:
used PINS are birthdays, anniversaries or birth years.
Avoid any PIN that begins with "19." Every four-digit
combination that begins with "19" is in the top 20
percent of the dataset.
Do not use
"2580." It may seem like a random selection of
numbers, but they are the numbers in the middle column
of buttons down a telephone or ATM keypad.
In the 3.4
million PINs Berry analyzed, the most popular one,
1234, was used more often than the lowest 4,200 codes
Use of smartphones and tablets is
so prevalent and widespread that we sometimes forget
just how vulnerable to cyber attack they (we) are.
and other intruders depend on our often casual use and
indifference to these threats.
While there are many places through which we can be
attacked, one often disregarded avenue is the Operating
It may be out-of-date. Security patches or fixes for
mobile devices' operating systems are not always
installed on mobile devices in a timely manner, often
taking weeks or months for them to be provided by the
Depending on the nature of the vulnerability, the
patching process may be complex. Google, for example,
develops updates to fix security vulnerabilities in the
Android OS, but it is up to device manufacturers
to produce specific updates
for their devices.
Then it's up to the Carrier to test it and relay the
updates to consumers' devices, making certain that the
updates do not create conflicts with the existing device
Users should always be aware and on the alert for
updates on the Apple iOS smartphones, as well.
And if your mobile device is getting a bit old, say -
older than two years, manufacturers may no longer
support it. Some manufacturers stop supporting
smartphones as early as 12 to 18 months after their
The fine article at
PCWorld describes many more common
vulnerabilities and threats. A good idea to review it if
you have an Android device.
is now on the wrists of an estimated 3 million people.
For those of us not yet
among the millions of iWatch™
wearers, here are a few highlights to get you prepared
The Standard touch screen is approximately a 1 5/16 inch
x 1 1/16 inch rectangle.
It operates on a version of the Apple Operating system (iOS)
that's a bit simpler than the smartphone counterpart.
You'll be able to make calls and use Web-based services
from the watch when it's connected to a compatible
device (iPhone 5 and up, running the latest version of
iOS 8). The Watch connects with iPhones via Bluetooth
Low Energy and built-in Wi-Fi.
It's available in three styles - Apple Watch Sport,
Apple Watch and Apple Watch Edition. Each
offers two watch face sizes and a selection of bands and
buckles. Apple Watch Sport, with an anodized
aluminum case in silver or space gray goes for $349
($399 for bigger face size).
The most luxurious Apple Watch Edition is made
from custom rose or yellow 18-karat gold alloys. It's
worn with specially designed straps and bands with
18-karat gold clasps, buckles or pins.
The Apple Watch Edition starts at $10,000. (With
added features, this could run up to around $15,000).
All About Skimmers (and the
increasing use of Credit Cards)
The series by
"KrebsonSecurity" about ATM skimmers, gas pump
skimmers and other related fraud devices has become by
far the most-read post on his blog. This gallery was
put together to showcase the entire series, and to give
others a handy place to reference with all of these
stories in one place.
Click the headline or the image associated with each post for the full
thought it a good idea to share these reminders with
you....Richard
WRITTEN BY A COP: Everyone should
take 5 minutes to read this. It may save your life or a
loved one's life. In daylight hours, refresh yourself of
these things to do in an emergency situation... This is
for you, and for you to share with your wife, your
children, & everyone you know. After reading these 9
crucial tips, forward them to someone you care about. It
never hurts to be careful in this crazy world we live
1. Tip from Tae Kwon Do: The elbow is
the strongest point on your body. If you are close
enough to use it, do!
2. Learned this from a tourist guide. If
a robber asks for your wallet and/or purse,
DO NOT HAND IT TO HIM.
Toss it away
from you... Chances are that he is more interested in
your wallet and/or purse than you, and he will go for
RUN LIKE MAD IN THE OTHER DIRECTION!
3. If you are ever thrown into the trunk
of a car, kick out the back tail lights and stick your
arm out the hole and start waving like crazy. The
driver won't see you, but everybody else will. This has
4. Women have a tendency to get into
their cars after shopping, eating, working, etc., and
just sit (doing their checkbook, or making a list, etc.
DON'T DO THIS!)
The predator will be watching you, and
this is the perfect opportunity for him to get in on the
passenger side, put a gun to your head, and tell you
where to go.
AS SOON AS YOU GET INTO YOUR CAR, LOCK
THE DOORS AND LEAVE.
If someone is in the car with a gun to
your head DO NOT DRIVE OFF, Repeat:
DO NOT DRIVE OFF!
Instead gun the
engine and speed into anything, wrecking the car. Your
Air Bag will save you. If the person is in the back seat
they will get the worst of it. As soon as the car
crashes bail out and run. It is better than having them
find your body in a remote location.
5. A few notes about getting into your
car in a parking lot, or parking garage:
A.) Be aware: look around you, look into
your car, at the passenger side floor, and in the back
B.) If you are parked next to a big van,
enter your car from the passenger door.
Most serial killers attack their victims
by pulling them into their vans while the women are
attempting to get into their cars.
C.) Look at the car parked on the
driver's side of your vehicle, and the passenger side.
If a male is sitting alone in the seat nearest your car,
you may want to walk back into the mall, or work, and
get a guard/policeman to walk you back out.
IT IS ALWAYS BETTER TO BE
SAFE THAN SORRY.
paranoid than dead.)
6. ALWAYS take the elevator instead of
the stairs. Stairwells are horrible places to be alone
and the perfect crime spot. This is especially true at
HEADLINE - Cellphone
`Distracted Walking` Sending Pedestrians to the ER (From the TUESDAY, June 25 Quality of Life HealthDay
Pedestrians are becoming more likely to be injured while
using their cellphones and an estimated 1,500 were
treated in U.S. emergency rooms in 2010 as a result, a
new study(*) finds.
It's impossible to know how many of the injuries could
have been avoided if pedestrians weren't using their
cellphones. The study also doesn't determine whether the
injuries are on the rise simply because more people are
Whatever the case, study author Jack Nasar said the
findings show that cellphone use isn't just a danger to
drivers. It's also a hazard to those who are only
"Stop walking when you're going to take a cellphone call
or text. Don't do two things at once," advised Nasar, a
professor of city and regional planning at Ohio State
University who studies cellphones and distraction.
Nasar and colleagues previously reported that
pedestrians on public streets are more likely to have
close calls with cars if they are using their cellphones.
In the new study, the researchers sought to understand
the risk on a national level by examining a federal
database of emergency room visits from 2004 to 2010.
The investigators found that the estimated number of
pedestrian injuries linked to cellphones -- including
those that had nothing to do with cars, such as walking
into something -- varied from as low as 256 to as high
as 597 between 2004 and 2007. The numbers then jumped to
1,055 in 2008, 1,113 in 2009 and 1,506 in 2010.
(*)The study appeared in the 2012 August issue of the
journal Accident Analysis and Prevention.
More Quality of Life information is available every
Thanks from this Great Grandfather who has many
smartphone literate grand and great grandchildren who
are precious... and their little fingers can navigate
those tiny screens and buttons twice as fast as I ever
I have been plagued by SPAM and Ad POPUPS recently.
So I did some checking and here's what I found -
According to Trustwave (http://www.trustwave.com),
SPAM activity in June of this year has increased
by approximately 500% since February!
68.7% of all email was Spam, most of
it originating in Mexico, India and Peru with nearly
75% of that related to Pharmaceuticals
The 3 top countries originating SPAM
were Spain, United States and Argentina.
No Wonder we're
Some more interesting information I
Trustwave's SpiderLabs Radio June
28th highlights reported
Malware in Mobile Apps on the increase and more
Bad Apps are showing up in Google Play, even Mobile
fake AntiVirus apps.
And this report from the Trustwave SpiderLabs BLOG
on Strange Physical Addresses used by SPAMMERS will
help you identify some of their tricks used to deceive you into believing that their
messages are valid.
Threats to our online security are always with us but
aren't always easy to recognize. The cyber crooks are
sophisticated - and devious. They understand human
emotions like fear, anxiety, and apathy and continually
design - and redesign their phishing emails to trap us
into exposing our personal and even our financial
I'm leaving the "EVERGREEN"
posts here as reminder Alerts to a variety of recent
phishing practices to help us recognize, or become
suspicious of similar messages that can appear in our
Reminder about Why Strong Passwords are so Important
One of my most interesting
and reliable sources for learning about the latest nasty
stuff taking place on the Internet is Brian Krebs' Blog "KrebsOnSecurity"
While reading through his blog posts recently, one of
the headlines attracted my attention - "Hacked
Inboxes Lead to Bank Fraud".
The meat of his post described exactly what happened to
us, a small business, as I reported in my March 30th
post - even to the contents of the email sent by a
hacker to one of our local banks from our email address
- using our email service which the hacker then
Read Mr. Krebs's post here - "Hacked
Inboxes Lead to Bank Fraud" and when you get to the
part where the Hacker's email is described, you'll see
why our local banker was astute enough to be suspicious
and contact us for verification.
Worse still, of the 3 examples cited in Mr. Krebs's blog
post, one of the banks failed to challenge that email.
The bad grammar and poor punctuation should have raised
the alarm for any trained and responsible bank employee.
Mr. Krebs further points out that "Hacked and phished
email accounts increasingly are serving as the staging
grounds for bank fraud schemes targeting small
businesses. The scams are decidedly low-tech and often
result in losses of just a few thousand dollars, but the
attacks frequently succeed because they exploit existing
trust relationships between banks and their customers".
didn't realize our email password had been cracked,
...on a recent Friday morning, we received a 'phone call
from a local Bank Manager asking if we had just made an
email request for the balance in our account.
This was from a bank where we did not have an
A short time later, we realized that our incoming email
had stopped - no messages since around the time the Bank
Manager called us.
We contacted our eMail Service Provider and learned that
our password had been compromised and replaced by the
Hacker, who also installed a redirect code that
diverted all of our incoming email to his
private Gmail address.
Looking back at this episode, it became apparent that
our password for this email account was weak -
very weak, as a matter of fact.
The eMail Service Provider helped us clean up the mess
and guided us in restoring our email service with a much
stronger - very much stronger password.
What did we learn?
One - you can't be complacent or
unconcerned about the way things are when it comes to
your computer and Internet security. You must review and
Two - hackers and crackers have
software that can decipher your simple keywords at cyber
Three - our computers are being
bombarded constantly by non-human attackers.
When was the last time you reviewed your passwords?
Maybe now's the time to take a new look.
Media and your kids Safety- are they at risk?
As a parent, grandparent, and now a great-grandparent, I've
watched more than a dozen children learn to socialize with
other kids - it's part of growing up.
As grown-ups, we socialize in many ways. We tweet, we make
friends on Facebook, we Stumble, Digg, make videos to
share on YouTube, and look to make friends on even more Social Media sites.
Social networking sites are fun and children want to participate
in them, too, but they do present some potential dangers.
With the popularity of social networking sites, here are some
words of caution.
As a parent, the very first thing we should do is teach our children
about the possible dangers that exist on the Internet, particularly
about situations that might crop up on a social networking website.
This free article highlights some of the more Important subjects to
review with our children
- You can read it in about two minutes
You can take steps to avoid today's security threats,
and I have outlined them in a special report you can have
This report is an update and a bit of an overview of the
information published in my newsletters, blog and
It covers the basics of what to look for and
how to prepare your computer to avoid the next high risk
threat. It's a quick download (PDF file) which you
can obtain by going to the registration page and leaving
your email address so that the download instructions can
be sent to your email inbox.
Get Free Report here and share this web address with
your friends so the emails you get from them are clean
and free of malware.
Please accept our
to Help Parents Teach Their Kids to be Safe Surfers –
an Invitation to Help other Parents, Grandparents and Guardian by Sharing Your
Teaching Your Children To Be Safe When
They Were learning to Surf
the Internet. Please Tell Us
About It HERE
EVERGREEN Update your Emergency Virus Protection program
you don't have your Virus Protection program yet, here's an
Emergency Step you should take,
McAfee offers a FREE Virus Scanning program named STINGER.
It has grown in size a little over the past few years and no longer fits on a single floppy Disk.
But because so many of the newer PCs, including laptops, don't have an "A" floppy
drive anyway, you should burn it to a CD or memory stick for an offline backup tool.
You can use it as we do, to check
any of your PC computers for viruses, without being on line.
It is an 'After the Fact' application, which means that it does not scan
incoming email files, attachments or downloads, but it does scan whatever
you have already received online.
It currently checks, and repairs hundreds of recent viruses. It's FREE
to download from
You can get the
of our app and read all of our SMS Special
Security Alert messages conveniently
on your mobile device!
Visit the "web" version of our APP which you can
access WITHOUT downloading it from one of the app stores. This
will allow you to be included in our SMS Special Alert messages,
(seldom more than one or possibly two per week). Once you
register, you will go directly to our App's home page on future
- Instant Download - Anytime of the day or night
(This is an electronic book that you
will download upon purchase...there will be no book mailed to your
You should assume that the owner of this website has an affiliate
relationship and/or another material connection to the providers of
goods and services mentioned in this message and may be compensated when
you purchase from a provider. You should always perform due diligence
before buying goods or services from anyone via the Internet or offline.
-- (Terminology used with permission of