Monday, December 30, 2013

Spam, Viruses and Other Christmas Miracles

What's That? I Won a Prize in a Contest I Didn't Enter? Well Sure! Here's My Personal Banking Info!
Hey everyone, I hope you had a great Christmas/Hanukkah/Kwanzaa/Non-denominational family time. We did have some nice family time, in between having to deal with some pretty serious spam attacks on some of our IT clients before and after Christmas (my husband and I have a small IT consulting company that supports small businesses in and out of our province). It really served to remind us that no matter how many times we tell people how to stay safe from the "bad guys" on the internet, many people forget. So, in the spirit of giving and friendship, may I just take a few moments to help you all please?

Spam, Malware and Viruses (no, they are not the same thing), are EVERYWHERE and make a huge number of people ridiculous sums of money, so it's only going to get worse as they realize we are wising up and they come up with more and more clever ways to try and trick us. While there is no way to protect yourself 100% from having sensitive data stolen from you (unless you lock yourself in a cave and go completely off the grid, communicating with no one), there are some things you can do to minimize the risk of loss and damage when there is loss;

1. Install anti-virus AND anti-malware software on your computer. We use a combination of Microsoft Security Essentials (Score! It's free! Right here:
and MalWare Bytes AntiMalware (about $30 for a LIFETIME, so pretty damn good. Available here: ). On certain systems (Microsoft XP) you will have to tell the programs to ignore each other or you may get some "false positives", ie. one program will say the other is a virus when it's not. Here's a link to a SAFE site that helps you do that (but again, only with XP, Windows Vista and Windows 7 are fine)
These combo programs are great at catching just about everything that the baddies throw at you, as each program will have its own forte at finding whatever it is trying to find. Malware is different from Spam, which is different from a Virus, so you need overlapping protection, preferably as inexpensively as possible, as the bad guys are always coming up with new ways to try to trick us, which brings me to my next point...

2. Set up schedules for the programs to automatically update and scan EVERY DAY. I would recommend having the programs update at different times from each other and definitely scan at different times from each other, again, to keep them from picking each other up, but also to give your system a resource break. If you are running too many things at once, it tends to bog down your system and can really slow it down. When the updates and scans are running, I would also recommend NOT using your computer. Again, this frees up resources so your computer runs faster, and keeps the "false positive" identifications to a minimum. Just let the screen saver take over and watch those little graphics play across your blackened screen. Groovy.

3. If the programs (your own or the ones I recommended) DO show that you have a virus, or malware infection, make sure to quarantine them immediately after the scan is finished. This puts them in a safe "box" in your system so that no one can accidentally open them and cause havoc. Usually you'll see a button after the scan (or a pop-up window) that will say "Remove Items" or "Quarantine". This is important. Don't just do the scans and then ignore whatever results come back. You are an integral part of your computer's security, again, bringing me to the next point (funny how that works, huh?)...

4. Prevent malware and viruses from ever getting on to your computer in the first place. I know, I know, it is just about impossible to keep this from happening, but there are a few things you can do to be safe. DO NOT open emails from people you don't know or weren't expecting an email from. Got an email from some Ugandan dude saying you won a lottery you never entered? You didn't win, he wants your bank account number to clean you out (incidentally, you'll never get that money back. Yes, it was fraudulently obtained, but they'll never catch the guy and the banks don't look to kindly on people who give out personal banking info. You've been warned). Got a weird email from a company you can't remember ordering from, saying your order was delayed but just click this link and it'll all be good? Chances are they are trying to hijack your computer to send out spam messages to the entire planet. This is also bad as you can get your IP address flagged and blocked by every friendly internet provider on the planet. Yes, it's happened to our clients, and NO it is not fun to undo. Not only do you lose internet connectivity until the problem is addressed, if it happens too many times, your IP address (the thing you use to connect to the internet) could be PERMANENTLY blocked. Yup, you'll lose internet forever. Like, for real, yo.

5. Don't open emailed files or click on links from friends unless you were expecting them to send you a file or link. Even if it is something innocent-sounding like, "Hey, check out our latest photos! Click here", or, "Our new diet plan for New Year's", often that is a virus waiting to strike. That link is not going to take you to see drunken photos of your friends making asses of themselves in public places (pity, bargaining power is always nice), but usually taking you to a site that will automatically download a virus. Often now they are getting so smart that it will also disable your antivirus so you don't even know that there is a problem until your computer starts acting like your drunken Aunt Sally at a family BBQ. If you think it might be legitimate, email your friend asking them if they meant to send you the email. Often, their email has been hacked and they won't even know it. Unless they tell you that they sent you the file or link, DON'T CLICK ON IT. Simple as that. Also, for your work, if you receive an email that is not expected or not related to your work, IGNORE IT. If you have to open it, try opening it first on a BlackBerry or iPhone. That often will show you what is up. But even then, I wouldn't recommend it. You wouldn't want your phone to get hacked, now would you???

6. This also applies to those phone call scams, where you'll get someone obviously very foreign who supposedly has a first name like "John", calling and telling you that "your Windows computer has a virus, ok?" and that they want you to pay with a credit card to have them fix it. Not only is this dangerous in terms of credit card fraud, they will usually also ask you to go to a specific IP address (something like XXX.XXX.XXX.X but with numbers), which will then hijack your system and get all of your personal info from your computer, and maybe use your computer in Denial of Service attack - where thousands of computers are linked together to create a sort of super computer (not like the movie War Games, and not nearly as cool), that then attacks other computers. Kind of like leapfrog from hell.

7. Please, please, please always put a password on your network. Especially if you use a wireless router. If you don't, anyone can come near your house, download a bunch of porn using your connection, or hijack your connection to do some serious bad stuff. The worst part, aside from getting a huge bill from your internet provider after going over your monthly limit for downloading every "Big Butts" porno ever made? If they downloaded something illegal (like child porn- no jokes here because that is serious stuff) or used your connection to hack into someone else (also no jokes because that is also seriously illegal), YOU will be held at least partially responsible because you did not do your due diligence in preventing it from happening in the first place. Make your password a good one - a combination of upper- and lower-case letters, with numbers, and if your router will let you, symbols too, something like G3tY0ur0wnW!f! is good. but don't use that because everyone will think it's cool and try to use it. Use your own squishy brain and come up with something good. If you have to write it down, HIDE it, for the love of god. Don't just leave it anywhere. Again, this brings me to the next point...

8. Create unique passwords for everything, and keep them secret. I would also recommend changing passwords every so often. Depending on what it is, every month or so should be good. The more secure (like bank accounts), the more often you should be changing them. Don't use Sex or 1234 or P4ssw0rd, everybody knows those, and no, you are not being cute or funny or unique. Finally,

9. Know that no-one is 100% safe. Just like having your house broken into, if someone really wants something, they are going to get it. If someone really wants to mess with your computer, they will. The best offense is a good defense, as they say, so make sure you regularly back up all of your files (external drives are CHEAP and easy to copy files to) on a regular basis to prevent catastrophic loss of data or your childrens' baby photos, and be smart. Don't go to porn sites or sketchy sites on work computers or computers that hold data that you want to keep. Porn sites in particular have TONS of viruses just waiting to take over your computer (ironic, I know, you'd think porn is safer sex, but it's not, at least not for your computer and files). If you have to go to those sites, get a clean computer for cheap and don't do anything but surf porn on that one computer, leaving your other computers virtually uncontaminated. Just a thought ;)

So, my young, innocent mouse-clickers, I hope you've learned something today and remember, "Stay Alert, and Stay Safe". Thank you Bert and Gert, LOL.

No comments:

Post a Comment


Blog Widget by LinkWithin