Category: "Computer Tips"

  07:30:00 pm , Categories: Computer Tips

Are you being phished?

Link: https://www.malwarebytes.com/phishing/

Read this article from Malwarebytes and then visit the main link to see even more insights to protect you.

 

Phishing

Phishing is a method of tricking you into sharing passwords, credit card numbers, and other sensitive information by posing as a trusted institution in an email or phone call.

All about phishing

What is phishing?

Phishing is the crime of deceiving people into sharing sensitive information like passwords and credit card numbers. As with real fishing, there's more than one way to reel in a victim, but one phishing tactic is the most common. Victims receive an email or a text message that imitates (or “spoofs”) a person or organization they trust, like a coworker, a bank, or a Government office. When the victim opens the email or text, they find a scary message meant to overcome their better judgement by filling them with fear. The message demands that the victim go to a website and take immediate action or risk some sort of consequence. 

If users take the bait and click the link, they're sent to an imitation of a legitimate website. From here, they're asked to log in with their username and password credentials. If they are gullible enough to comply, the sign-on information goes to the attacker, who uses it to steal identities, pilfer bank accounts, and sell personal information on the black market.

“Phishing is the simplest kind of cyberattack and, at the same time, the most dangerous and effective.”

Unlike other kinds of online threats, phishing does not require particularly sophisticated technical expertise. In fact, according to Adam Kujawa, Director of Malwarebytes Labs, “Phishing is the simplest kind of cyberattack and, at the same time, the most dangerous and effective. That is because it attacks the most vulnerable and powerful computer on the planet: the human mind.” Phishers are not trying to exploit a technical vulnerability in your device's operating system—they're using “social engineering.” From Windows and iPhones, to Macs and Androids, no operating system is completely safe from phishing, no matter how strong its security is. In fact, attackers often resort to phishing because they can't find any technical vulnerabilities. Why waste time cracking through layers of security when you can trick someone into handing you the key? More often than not, the weakest link in a security system isn't a glitch buried in computer code, it's a human being who doesn't double check where an email came from.


History of phishing

The origin of the name “phishing” is easy enough to trace. The process of performing a phishing scam is much like actual, aquatic fishing. You assemble some bait designed to deceive your victim, then you cast it out and hope for a bite. As for the digraph “ph” replacing the “f,” it could be the result of a portmanteau of “fishing” and “phony,” but some sources point back to another possible origin.

In the 1970s, a subculture formed around the practice of using low-tech hacks to exploit the telephone system. These early hackers were called “phreaks”—a combination of “phone” and “freaks.” At a time when there weren't many networked computers to hack, phreaking was a common way to make free long-distance calls or reach unlisted numbers.


Even before the actual “phishing” term took hold, a phishing technique was described in detail in a paper and presentation delivered to the 1987 International HP Users Group, Interex.

The use of the name itself is first attributed to a notorious spammer and hacker in the mid-1990s, Khan C Smith. Also, according to Internet records, the first time that phishing was publicly used and recorded was on January 2, 1996. The mention occurred in a Usenet newsgroup called AOHell. At the time, America Online (AOL) was the number one provider of Internet access, with millions of log-ons daily.

Naturally, AOL's popularity made it a target for fraudsters. Hackers and software pirates used it to communicate with one another, as well as to conduct phishing attacks on legitimate users. When AOL took steps to shut down AOHell, the attackers turned to other techniques. They sent messages to AOL users claiming to be AOL employees and asked people to verify their accounts and hand over billing information. Eventually, the problem grew so bad that AOL added warnings on all email and instant messenger clients stating "no one working at AOL will ask for your password or billing information."


Going into the 2000s, phishing turned its attention to exploiting online payment systems. It became common for phishers to target bank and online payment service customers, some of whom—according to subsequent research—might have even been accurately identified and matched to the actual bank they used. Likewise, social networking sites became a prime phishing target, attractive to fraudsters since personal details on such sites are useful for identity theft.

Criminals registered dozens of domains that spoofed eBay and PayPal well enough that they passed for the real thing if you weren't paying close enough attention. PayPal customers then received phishing emails (containing links to the fake website), asking them to update their credit card numbers and other personally identifiable information. The first known phishing attack against a bank was reported by The Banker (a publication owned by The Financial Times Ltd.) in September 2003.

By the mid-2000s, turnkey phishing software was readily available on the black market. At the same time, groups of hackers began to organize in order to orchestrate sophisticated phishing campaigns. Estimated losses due to successful phishing during this time vary, with a 2007 report from Gartner stating that as many as 3.6 million adults lost $3.2 billion between August 2006 and August 2007.


In 2011, phishing found state sponsors when a suspected Chinese phishing campaign targeted Gmail accounts of highly ranked officials of the United States and South Korean governments and militaries, as well as Chinese political activists.

In perhaps the most famous event, in 2013, 110 million customer and credit card records were stolen from Target customers, through a phished subcontractor account.

Even more infamous was the phishing campaign launched by Fancy Bear (a cyber espionage group associated with the Russian military intelligence agency GRU) against email addresses associated with the Democratic National Committee in the first quarter of 2016. In particular, Hillary Clinton's campaign manager for the 2016 presidential election, John Podesta, had his Gmail hacked and subsequently leaked after falling for the oldest trick in the book—a phishing attack claiming that his email password had been compromised (so click here to change it).

In 2017, a massive phishing scam tricked Google and Facebook accounting departments into wiring money, a total of over $100 million, to overseas bank accounts under the control of a hacker.

Types of phishing attacks

Despite their many varieties, the common denominator of all phishing attacks is their use of a fraudulent pretense to acquire valuables. Some major categories include:

Spear phishing

While most phishing campaigns send mass emails to as many people as possible, spear phishing is targeted. Spear phishing attacks a specific person or organization, often with content that is tailor made for the victim or victims. It requires pre-attack reconnaissance to uncover names, job titles, email addresses, and the like. The hackers scour the Internet to match up this information with other researched knowledge about the target's colleagues, along with the names and professional relationships of key employees in their organizations. With this, the phisher crafts a believable email.

For instance, a fraudster might spear phish an employee whose responsibilities include the ability to authorize payments. The email purports to be from an executive in the organization, commanding the employee to send a substantial payment either to the exec or to a company vendor (when in fact, the malicious payment link sends it to the attacker).

Spear phishing is a critical threat to businesses (and governments), and it costs plenty. According to a 2016 report of a survey on the subject, spear phishing was responsible for 38% of cyberattacks on participating enterprises during 2015. Plus, for the U.S. businesses involved, the average cost of spear phishing attacks per incident was $1.8 million.


Clone phishing

In this attack, criminals make a copy—or clone—of previously delivered but legitimate emails that contain either a link or an attachment. Then, the phisher replaces the links or attached files with malicious substitutions disguised as the real thing. Unsuspecting users either click the link or open the attachment, which often allows their systems to be commandeered. Then the phisher can counterfeit the victim's identity in order to masquerade as a trusted sender to other victims in the same organization.

419/Nigerian scams

A verbose phishing email from someone claiming to be a Nigerian prince is one of the Internet's earliest and longest-running scams. According to Wendy Zamora, Head of Content at Malwarebytes Labs, “The Nigerian prince phish comes from a person claiming to be a government official or member of a royal family who needs help transferring millions of dollars out of Nigeria. The email is marked as ‘urgent' or ‘private,' and its sender asks the recipient to provide a bank account number for safekeeping the funds.”

In a hilarious update of the classic Nigerian phishing template, British news website Anorak reported in 2016 that it received an email from a certain Dr. Bakare Tunde, who claimed to be the project manager of astronautics for Nigeria's National Space Research and Development Agency. Dr. Tunde alleged that his cousin, Air Force Major Abacha Tunde, had been stranded on an old Soviet space station for more than 25 years. But for only $3 million, Russian space authorities could mount a flight to bring him home. All the recipients had to do was send in their bank account information in order to transfer the needed amount, for which Dr. Tunde will pay a $600,000 fee.

Incidentally, the number "419" is associated with this scam. It refers to the section of the Nigerian Criminal Code dealing with fraud, the charges, and penalties for offenders.

Phone phishing

With phone-based phishing attempts, sometimes called voice phishing or “vishing,” the phisher calls claiming to represent your local bank, the police, or even the IRS. Next, they scare you with some sort of problem and insist you clear it up immediately by sharing your account information or paying a fine. They usually ask that you pay with a wire transfer or with prepaid cards, so they are impossible to track.

SMS phishing, or “smishing,” is vishing's evil twin, carrying out the same kind of scam (sometimes with an embedded malicious link to click) by means of SMS texting.


How to identify a phishing attack

Recognizing a phishing attempt isn't always easy, but a few tips, a little discipline, and some common sense will go a long way. Look for something that's off or unusual. Ask yourself if the message passes the “smell test.” Trust your intuition, but don't let yourself get swept up by fear. Phishing attacks often use fear to cloud your judgement.

Here are a few more signs of a phishing attempt:

  • The email makes an offer that sounds too good to be true. It might say you've won the lottery, an expensive prize, or some other over-the-top item.

  • You recognize the sender, but it's someone you don't talk to. Even if the sender's name is known to you, be suspicious if it's someone you don't normally communicate with, especially if the email's content has nothing to do with your normal job responsibilities. Same goes if you're cc'd in an email to folks you don't even know, or perhaps a group of colleagues from unrelated business units.
  • The message sounds scary. Beware if the email has charged or alarmist language to create a sense of urgency, exhorting you to click and “act now” before your account is terminated. Remember, responsible organizations do not ask for personal details over the Internet.
  • The message contains unexpected or unusual attachments. These attachments may contain malware, ransomware, or another online threat.
  • The message contains links that look a little off. Even if your spider sense is not tingling about any of the above, don't take any embedded hyperlinks at face value. Instead, hover your cursor over the link to see the actual URL. Be especially on the lookout for subtle misspellings in an otherwise familiar-looking website, because it indicates fakery. It's always better to directly type in the URL yourself rather than clicking on the embedded link.

Here's an example of a phishing attempt that spoofs a notice from PayPal, asking the recipient to click on the “Confirm Now” button. Mousing over the button reveals the true URL destination in the red rectangle.

Here's another phishing attack image, this time claiming to be from Amazon. Note the threat to close the account if there's no response within 48 hours.

Clicking on the link leads you to this form, inviting you to give away what the phisher needs to plunder your valuables:

How do I protect myself against phishing?

As stated previously, phishing is an equal opportunity threat, capable of showing up on desktops, laptops, tablets, and smartphones. Most Internet browsers have ways to check if a link is safe, but the first line of defense against phishing is your judgement. Train yourself to recognize the signs of phishing and try to practice safe computing whenever you check your email, read Facebook posts, or play your favorite online game.

Once again from our own Adam Kujawa, here are a few of the most important practices to keep you safe:

  • Don't open e-mails from senders you are not familiar with.
  • Don't ever click on a link inside of an e-mail unless you know exactly where it is going.
  • To layer that protection, if you get an e-mail from a source you are unsure of, navigate to the provided link manually by entering the legitimate website address into your browser.
  • Look out for the digital certificate of a website.
  • If you are asked to provide sensitive information, check that the URL of the page starts with “HTTPS” instead of just “HTTP.” The “S” stands for “secure.” It's not a guarantee that a site is legitimate, but most legitimate sites use HTTPS because it's more secure. HTTP sites, even legitimate ones, are vulnerable to hackers.
  • If you suspect an e-mail isn't legitimate, take a name or some text from the message and put it into a search engine to see if any known phishing attacks exist using the same methods.
  • Mouseover the link to see if it's a legitimate link.

As always, we recommend using some sort of anti-malware security software. Most cybersecurity tools have the ability to detect when a link or an attachment isn't what it seems, so even if you fall for a clever phishing attempt, you won't end up sharing your info with the wrong people.

All Malwarebytes premium security products provide robust protection against phishing. They can detect fraudulent sites and stop you from opening them, even if you're convinced they're legitimate.

So stay vigilant, take precautions, and look out for anything phishy.

See all our reporting on phishing at Malwarebytes Labs. 

 

 

How to Remove Safari Extensions on Mac

Link: http://osxdaily.com/

 

Safari for Mac allows for optional third party browser extensions to be installed, performing functions like social sharing, note taking, interface with apps like 1password, amongst others. Sometimes Safari extensions can be useful, but sometimes they are no longer needed, or they can be problematic and cause freezes or trouble with Safari or for the ability to work with a specific website, and accordingly users often need to delete extensions from the browser.

 

 

This article will show you how to easily remove Safari extensions on a Mac. It’s important to note that Safari Extensions are different from Safari Plug-ins, which are removed separately.

 

Removing Safari Extensions on a Mac from Safari

This works to delete any Safari extension in macOS or Mac OS X:

  1. Open the Safari app and go to “Safari” menu and choose “Preferences”
  2. Go to the “Extensions” tab
  3. Click on any extension you no longer want in Safari and choose “Uninstall”
  4. Confirm that you want to delete the selected extension from Safari to remove it
  5. Repeat with other extensions as necessary

This is the easy way to delete a Safari extension, but you can also manually intervene from the file system to remove extensions from Safari as well.

Manually Deleting Safari Extension on Mac

Sometimes if an extension is causing havoc with Safari, the Extensions manager won’t be able to load or the uninstall method above won’t work. This is somewhat rare, but it can happen in some particular haywire scenarios with an errant or incompatible extension that refuses to remove itself. If this happens, you can manually delete an extension by going to where Safari extensions are located in Mac OS and removing them. This is done as follows:

  1. Quit Safari on the Mac
  2. From the Finder, hit Command+Shift+G to bring up Go To Folder (also accessible from the Go menu), then enter the following path: ~/Library/Safari/Extensions/
  3. Choose “Go” and you’ll instantly be in the Safari Extensions folder on the Mac; delete any extensions you wish to remove from Safari
  4. Relaunch Safari when finished

Don’t forget the tilde ~ when entering the file path to signify the user’s Extensions folder.

What about removing Safari Plug-ins?

As mentioned earlier, Safari Extensions are different from Safari Plug-ins. Safari Plug-ins include more functionality and tend to be feature-rich media viewers, like Adobe Acrobat reader in Safari, Adobe Flash, Silverlight, QuickTime, and similar. Without going too in-depth in this particular walkthrough, you can locate Safari plug-ins at the following file paths on a Mac:

System Level Safari plug-ins location: (available for all users):

/Library/Internet Plug-ins/

User level Safari plug-ins location: (available only for current user):

~/Library/Internet Plug-ins/

Extensions and plug-ins are often the first place to look if you are troubleshooting Safari crashes and have already updated the software and removed the cache. This is particularly true if you are experiencing Safari difficulties after updating the browser, when some plugins and extensions have not yet been updated to be compatible with the latest version. For the most part, most users don’t really need any Safari extensions or third party plug-ins, and having a simpler Safari installation often can ward off difficulties with the browser on any Mac.

 

  07:21:00 pm , Categories: Computer Tips, Macintosh OS X Tips

Reset DNS and cache Mac Snow Leopard and later

Link: https://support.apple.com/en-us/HT202516

Learn how to reset (flush) the DNS cache.

 

About the DNS cache

OS X keeps a local cache of resolved DNS queries for a time defined by the DNS server. Sometimes it might be necessary to reset the cache immediately and re-query a DNS server. For example, you might need to do this if you are a network or server administrator and an entry on your DNS server has recently changed.

If your Mac isn't using the latest DNS entries from your server, you can restart your Mac to update its cached information. If you need to update DNS entries on a server using OS X and you can't restart the server, use the terminal commands below for the version of OS X you're using.

OS X Yosemite and later

Use the following Terminal command to reset the DNS cache in OS X v10.10.4 or later:

sudo killall -HUP mDNSResponder

Use the following Terminal command to reset the DNS cache in OS X v10.10 through v10.10.3:

sudo discoveryutil mdnsflushcache

OS X Mavericks, Mountain Lion, and Lion

Use the following Terminal command to reset the DNS cache in OS X v10.9.5 and earlier:

sudo killall -HUP mDNSResponder

Mac OS X Snow Leopard

Use the following Terminal command to reset the DNS cache in OS X v10.6 through v10.6.8:

sudo dscacheutil -flushcache

  04:14:00 am , Categories: Computer Tips, Windows Tips-Tricks

Classic Shell

Link: http://www.classicshell.net/


Classic Shell™ is free software that improves your productivity, enhances the usability of Windows and empowers you to use the computer the way you like it. The main features are:

  • Highly customizable start menu with multiple styles and skins
  • Quick access to recent, frequently-used, or pinned programs
  • Find programs, settings, files and documents
  • Start button for Windows 7, Windows 8, Windows 8.1 and Windows 10
  • Toolbar and status bar for Windows Explorer
  • Caption and status bar for Internet Explorer

Classic Shell has been in active development for 6 years and has tens of millions of downloads.

The latest stable version of Classic Shell is 4.2.5


System Requirements

 

Classic Shell works on Windows 7, Windows 8, Windows 8.1, Windows 10 and their server counterparts (Windows Server 2008 R2, Windows Server 2012, Windows Server 2012 R2, Windows Server 2016). Both 32 and 64-bit versions are supported. The same installer works for all versions.
Note: Windows RT is not supported.
 
More information can be found on their site:
 
Screenshots of their program interface, click the different ones to get more information. 
 
More Info
 
FAQ for more questions you might have.

 

The Mac Hosts File: How to Modify /etc/hosts in OS X with TextEdit

Link: http://osxdaily.com/2016/02/29/modify-hosts-mac-os-x-textedit/

Another Great tip from MacOSX Daily!

 

 

 The Mac hosts file is a system level file located at /etc/hosts which maps IP addresses to host names for Mac OS X networking. Many users edit and modify the hosts file so that they can point a domain to a different IP address, whether for the purpose of local development, blocking sites, or simply to access alternate servers from various apps and system level functions. Most advanced users will edit the hosts file from the OS X Terminal using nano or vim, but for those who prefer to stay within the Mac OS GUI, you can also modify the Mac’s hosts file through TextEdit, or even a third party app like BBEdit or TextWrangler. This offers a more user friendly option compared to going through the command line.

If you don’t have a specific reason to modify the Mac hosts file in OS X, you should not do so. An incorrectly formatted hosts file or improper entry can lead to DNS issues and problems with various internet services. This is for advanced users.


How to Modify the Mac Hosts File at /etc/hosts with TextEdit OS X

This approach to changing /etc/hosts with TextEdit works with any version of OS X. For Mac users who are running OS X 10.11 or later releases, however, you must first disable SIP (System Integrity Protection); otherwise the Mac /etc/hosts file will be locked when attempting to access it from TextEdit.

  1. Quit TextEdit if it is currently open
  2. Launch the Terminal application in Mac OS X, found within /Applications/Utilities/
  3. Enter the following command exactly to open the Mac’s hosts file within the TextEdit GUI application:

     sudo open -a TextEdit /etc/hosts

  4. Hit return and enter the admin password for OS X when requested to authenticate the launch through sudo
  5. The /etc/hosts file will launch into TextEdit as a plain text file where it can be edited and modified as need be. When finished, use File > Save or hit Command+S as usual to save the changes to the hosts document *
  6. Quit out of TextEdit, then quit out of Terminal when finished

 



* If the hosts file shows as “locked” and won’t save changes despite being launched through sudo, it’s likely because you didn’t disable SIP as mentioned in the introduction. You can turn off SIP in OS X with these instructions, which requires a reboot of the Mac. This is necessary for modern versions of OS X, though you can choose to edit the hosts file using the command line with nano as described here without adjusting SIP.

It’s good practice to make a duplicate of the hosts file so that if you break something you can easily fix it, though we’ve got the original default hosts file here in case you need to restore it. It’s also a good idea to set plain text mode as the default for TextEdit.
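
Because an incorrectly formatted entry can cause DNS problems, it helps to check the edited text before saving it. The following Python linter is an added example, not part of the original tip; its function names and the sample hosts content are constructed, and it only reads text, so it can be run on a duplicate of the file.

```python
# Added example: lint hosts-file text before saving it over /etc/hosts.
import ipaddress
import re

# RFC 1123 style label: letters, digits, hyphens; no leading/trailing hyphen.
LABEL = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")

# The localhost entries present in the default macOS hosts file.
REQUIRED = {("127.0.0.1", "localhost"), ("::1", "localhost")}


def valid_hostname(name):
    name = name.rstrip(".")
    return 0 < len(name) <= 253 and all(LABEL.match(p) for p in name.split("."))


def lint_hosts(text):
    """Return (line_number, message) findings; line 0 means the whole file."""
    findings = []
    seen = {}        # (hostname, IP version) -> (ip, line) of the first mapping
    present = set()  # (ip string, hostname) pairs found in the file
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()      # drop comments
        if not line:
            continue
        fields = line.split()
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            findings.append((lineno, f"invalid IP address: {fields[0]}"))
            continue
        if len(fields) < 2:
            findings.append((lineno, "IP address with no host name"))
            continue
        for name in fields[1:]:
            key = name.lower()
            if not valid_hostname(name):
                findings.append((lineno, f"invalid host name: {name}"))
                continue
            present.add((str(ip), key))
            first = seen.setdefault((key, ip.version), (ip, lineno))
            if first[0] != ip:
                findings.append(
                    (lineno, f"{key} already mapped to {first[0]} on line {first[1]}"))
            # Review aid: a dotted name pinned to a real address bypasses DNS.
            if "." in key and not (ip.is_loopback or ip.is_unspecified):
                findings.append(
                    (lineno, f"review: {key} pinned to {ip}, bypasses DNS"))
    for ip, name in sorted(REQUIRED - present):
        findings.append((0, f"missing default entry: {ip} {name}"))
    return findings


# Constructed sample content (documentation-range addresses and example names).
SAMPLE_HOSTS = """\
##
# Host Database
##
127.0.0.1       localhost
255.255.255.255 broadcasthost
0.0.0.0         ads.example.com      # blocked site
192.168.1.300   devbox.local         # typo in last octet
203.0.113.10    www.example.org
198.51.100.7    www.example.org
10.0.0.5        my_app.test
"""

if __name__ == "__main__":
    for lineno, message in lint_hosts(SAMPLE_HOSTS):
        print(f"line {lineno}: {message}")
```

The "review" findings are not errors: pointing a domain at a different IP is the purpose of the file, but any such line you did not add yourself deserves a second look.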

You’ll likely want to clear out your DNS cache after modifying the hosts file; here’s how to flush DNS in OS X El Capitan and modern versions of Mac OS and how to do the same in prior releases.

Users can also choose to modify Mac OS X’s /etc/hosts with TextWrangler, BBEdit, or another third party application. The trick is largely the same as with TextEdit, still requiring the use of sudo, but changing the specified application name as follows.

Opening /etc/hosts with TextWrangler:

sudo open -a TextWrangler /etc/hosts



Or launching /etc/hosts into BBEdit:

sudo open -a BBEdit /etc/hosts



While the aforementioned approaches work in all modern versions of OS X, earlier versions of Mac OS X can also launch the TextEdit binary with hosts directly from the command line with the following syntax:

sudo /Applications/TextEdit.app/Contents/MacOS/TextEdit /etc/hosts



That method will not work in the latest releases, however, thus you’ll want to rely on the open command instead.

