Just a quick public service announcement.
It’s hard to be safe and smart in this day and age. Just as soon as you think you are smarter than the bad guys, they come up with a different plan of attack. Here’s a few things to be aware of.
Recently a client forwarded to me an email they received. It looked like it was real estate related (and they are an agent), had a attached document that looked like a .pdf
Other than the misspelling (Beam not Beams) it might look just fine. Opening up the .pdf looked like this.
Chances are, your computer is out of date (most everyone is). So still nothing to arouse your suspicion, right? That link went to a link shortening service (bit.ly) so you couldn’t tell where it actually went to yet.
How can you see where a shortened link goes without going there first?
Did you know that Bit.ly has a preview feature? To do this, simply add a + sign to the end of any Bitlink in your browser. For example, for http://bit.ly/Wn2Xdz just enter http://bit.ly/Wn2Xdz+ into your browser and you’ll be sent to a preview page for the link without opening up the actual page. So I did that.
That link wasn’t going to go to a .pdf at all. It was leading to a .php file and that’s a whole lot of NOPE!
A .php file (and a few others) can load malicious code on your computer. That code could send back to the bad guys all of your contact list, all of your passwords, even those tax filings you have from last year.
It doesn’t stop there either. Your computer might then become a host, sending out even more malicious code to everyone else.
A few weeks ago I noticed a huge spike in returned emails. These were emails I never sent. They looked like they came from me – the email address was correct but the name BEST WATCH certainly wasn’t.
What happened was someone had malware on their computer. Unknowingly this program went into their contact list and chose one person (me). It then sent out more malware emails to the rest of their contacts, spoofing the email to look as if it came from me. Once it was done it probably chose another contact and duplicated it again and again. This all happens outside of the persons email program so they don’t even see it happening. You can see how this can grow exponentially, right?
I was getting over 3,000 returned emails an hour!
Great! But What Can I Do?
- Make sure your computer is up to date.
- Make sure you have virus protection.
- Make sure you are using Two Factor Authentication for most all your logins.
- Be suspicious of everything you don’t immediately recognize.
Here’s another way the bad guys are working right now.
Have you seen an uptick in new friend requests on Facebook? When you go to their profile there’s just a profile pic and not much else? Or they have very few related friends? Or is it someone you thought you were already friends with?
They are spoofed accounts and the bad guys behind them are looking to catch unsuspecting people. It’s not just Facebook. One of the best places to earn your trust is on the new online dating apps. Here’s just a few that I know of…
and even Christian Mingle…
This is funny as I’m happily married for 30 years. But then again there are sites out there like Ashley Madison…
While I could be on a dating site, it would be hard to make up a new offspring. LOL!
Great! But What Can I Do?
- Don’t except a friend request from someone that you don’t know. I know, you are in sales – I get that. Just take a moment to look into if this person is real. Don’t go by the number of friends they have in common. You would be surprised how many of your real friends would just accept anyone (especially if he’s a Hunk or she’s a Looker).
- Online dating is risky. Do some serious sleuthing on Google before you get too far. Did you know you can search Google for an image? https://www.google.com/imghp
The moral of the story: Be careful out there and please hesitate before you click (or wire me or anyone money)