Facebook Notifications Alert You Right Into a Great Scam and Malware

1470408437

A friend commented on your Facebook post and you see a notification in the corner of your app or an email arrives getting you all excited to know what that friend said. So you click the included link in the notification or email and Bam! You download malware to your device.

This is one of the scams making its way around Facebook right now. In this scam, merely clicking the link in the notification that you were tagged or a comment was made will not execute the malware. However, if you click on the file that was downloaded, it will. This one primarily preys on users of the Chrome browser using a JavaScript encoded file, but other browsers are likely not immune. A second Facebook scam uses clickbait to lure unsuspecting victims and is getting around Facebook’s filters for malicious links.

Clickbait is a photo or headline that is of a provocative or sensational nature with the intent of attracting clicks, views, or site visits. The objective of the hackers in this second scam is to steal login credentials, which will ultimately allow them to do more phishing. The clickbait is pornographic in nature and theoretically should be caught by the phishing filters.  However, it has not yet been and the links are being posted to various Facebook groups.

When the play button on the video is clicked, the user does not see the promised nude girl, but is redirected to a site where he or she is asked to enter Facebook login credentials and a phone number.

Then the user is redirected to an online survey that collects additional information. In some cases, users are redirected again to another site that downloads a fake version of Flash Player that includes either malware or adware, or possibly both. In any case, it’s not a good thing.

One good thing is that users of Chrome seem to be somewhat protected against the second scam because Chrome blocks one of the sites hosting it. However, the scammers are onto that and are already using other ones that have not yet been identified.

It’s always best to avoid clicking links in email messages or in other types of notifications, especially if they are not expected. Instead, go directly into the app or to the site using a previously bookmarked link or by typing the URL into the address bar, being careful not to mistype it (this could lead to other infections by typosquatters or do-jackers). Use caution when clicking on videos or links in Facebook or any social media. Even if they appear to have been posted by your friends, they may actually come from a hacker who has compromised your friend’s account in some way. If you are suspicious in any way, it’s best not to click it.

If you click a link and it asks you if you want to run a program or execute something else, click the negative option unless you know it’s legitimate. And always keep your computers and mobile devices updated with the latest versions of software. Make one of those pieces of software a good anti-malware product.

The Google Chrome browser has been used in several cases to compromise users’ systems. Not long ago a fake Chrome for Android update was used to steal personal data and last year, the CTB Locker ransomware was circulating masquerading as a Chrome update.

© Copyright 2016 Stickley on Security

Welcome to the Workforce

workforce_banner

It’s time to roll up your sleeves and put that lifetime of education to work for you. Finding the right job isn’t easy—it takes motivation to go after the industry or company you want, effort to ace the application and interview process and a bit of luck to land the job. Read on for tips, advice and tools that will help ensure a successful search.

Resources

Your school career center is an excellent place to start when looking for work. As a resource provided to students, the point of a career center is to find jobs that relate to specific fields of study. Check in with a career counselor for advice on resume building or to sign up for on-campus interviews. Recruiters often come to schools and universities looking for future prospects. Many campuses hold job fairs and career events year round. It’s a great way to get your foot in the door of an otherwise out-of-reach company.

The Internet has made job hunting more convenient. Specifically, job search sites like Indeed, Career Builder and Monster allow you to apply for jobs and/or post your resume for potential employers to come find you. Craigslist is another resource to find part-time or full-time positions. Submitting a cover letter and resume online is often the preferred method these days.

Headhunters and employment services can also be a good source for job leads. One of the major benefits of working with placement agencies is that they already have established relationships within the industries they service and know exactly who to put you in front of. The downside is that some may charge you a fee for their services or require a percentage of your pay from the company who has hired you.

Networking is a great way to get your foot in the door. Many of the best jobs out there are never advertised. The key to landing them is a lucky combination of being in the right place at the right time and talking to the right person. Don’t be afraid to go to social events and advertise yourself or talk about your goals. Or share your plans with friends and family. If they can’t immediately connect you with a job, they can often provide valuable advice on where to look and who the best contacts might be. It’s also important to join online networking circles. Post a profile on LinkedIn and join groups to connect with relevant professionals.

Know What You’re Looking For

Think about the big picture and not just the job you want now. Beyond earning a paycheck, what skills and experiences do you want to take away from your new job? Look to the next step of your career and think about which job will get you closer to that goal. Also, look at the associated benefits. A high-paying job with no benefits may not be as advantageous as a lower-paying position with a complete benefits package.

Consider cost of living and your expenses before you relocate for a job. Every city is different, so a starting salary in one area may not be enough to support you in a new location. Moving costs are another factor to take into consideration. If your prospective employer isn’t going to pay your moving costs, make sure the salary will make up for these costs in the long run, or that you have additional funds to cover the expenses.

NASA Federal Credit Union Celebrates the 50th Anniversaryof Star Trek™ with a Special 50,000 Bonus Points Offer on Their Official Star Trek Credit Cards

Press Release Art (003)

Upper Marlboro, Maryland—August 5, 2016—NASA Federal Credit Union announced today it will join in the celebration of the 50th Anniversary of the Star Trek franchise at the Annual Star Trek Convention in Las Vegas from August 3 through 7, 2016. As part of the celebration, NASA Federal will be promoting a limited time offer of 50,000 bonus points on their line of official Star Trek credit cards. Points may be redeemed for exclusive Star Trek merchandise and experiences not available with other credit cards.

NASA Federal will also raffle off NASA flight jackets to those entering the contest at nasafcu.com/nasajacket. In addition, they will give away Star Trek-branded headphones to attendees who post selfies with Star Trek card fans to @nasafcu on Facebook, Twitter, and/or Instagram using the #StarTrekCardFan.

“We are excited to be part of the Star Trek 50th Anniversary by offering Star Trek fans 50,000 bonus points on their new Star Trek credit cards. And the good news is that Star Trek fans don’t have to be at the convention to get the Star Trek credit cards or enter to win a NASA Flight Jacket,” says NASA Federal Credit Union President & CEO Douglas Allman. “We also hope that holders of Star Trek credit cards feel pride in the Star Trek franchise every time they use their cards, while also earning points toward exclusive Star Trek merchandise and experiences.”

In late 2015, under license by CBS Consumer Products, NASA Federal launched four new Star Trek Platinum Advantage Rewards Credit Cards, which included the Starfleet Academy, United Federation, Captains and Starfleet Command Cards. In addition to exclusive Star Trek merchandise and experiences, all four cards feature a competitive interest rate, no balance transfer fee, and a low 7.9% APR balance transfer for life, along with a generous rewards program.

Star Trek fans may apply for the new cards online at nasafcu.com/startrek, or by calling 1-888-NASA-FCU. And they may also enter to win a NASA Flight Jacket at nasafcu.com/nasajacket.

Real PayPal Emails Used to Take Funds and Give Malware

paypalscam2

PayPal is again being used by crafty cyber criminals to trick unsuspecting customers out of their money and to install malware. In this case, an email arrives in the inbox of the victim stating that $100 has mistakenly been sent via the PayPal service and transferred to his bank account. Of course, a link is included and if it’s clicked, a variant of the Zeus malware is set lose. It’s being called the Chthonic Banking Trojan.

The sneaky part of this is in using a legitimate PayPal account and a message directly from PayPal. The message, “You’ve got a money request” won’t likely be detected as spam because it is not a false email. Anyone can create a PayPal account for free and that is what the scammers are doing in this case.

paypalemail

In addition to asking for money, the link redirects to a site that installs the Chthonic Trojan and another module called AZORult. However, it is not yet known what that second one does.

Whenever a message like this is received, especially if it’s asking for money, take a bit of extra time to really examine it. The few extra minutes you take to look closely is not likely going to result in any more damage, even if it is a real email. Regardless of whether or not the link is legitimate, go to your account separately and view any messages in there rather than clicking links. Use the URL that you know is the correct one or via a previously bookmarked link.

Jim Stickley of Stickley on Security found that PayPal appears to have done a partial fix for this. Stickley said “In testing, we have found that PayPal does modify any URL included a message for a PayPal money request. This is done by removing certain characters from the URL to prevent it from functioning properly.” However, he found that a message included in a PayPal invoice request still allows the potentially malicious URL. The link in the email message is indeed clickable. However, he stated that “inside the PayPal account, links are not clickable but can be copied and pasted.”

Therefore, any email sent from PayPal, whether it is a money request or an invoice should be thoroughly scrutinized before any action is taken. The best response is to log into the PayPal account to view request and respond accordingly. You can click to cancel the invoice and send a note stating you would like more information. You can also contact the sender using information you find somewhere that is not from the message or invoice sent to you. Cyber criminals often will put their own contact details in their messages. So look for contact details for the company or person elsewhere. Never hit the reply button in email messages to contact the sender in these cases.

© Copyright 2016 Stickley on Security

Amazon Doesn’t Owe You Money; It’s Ransomware

MONTREAL CANADA - MARCH 10 2016 - Amazon shipping box with branded tape on it. Amazon is one of the most popular and biggest online store.

Amazon is a big company and that makes using it by hackers to lure in victims very attractive. The company has over 300 million active customer accounts and did over $100 billion in sales last year. So when customers get email from Amazon, it probably doesn’t strike them as odd. But now, a phishing scam is resurfacing that may cost you more than snazzy pair of shoes on your “recommended for you” list.

The email messages state that a system error caused the customer to be double charged for an item and a refund process was initiated. A link or attachment is included that supposedly confirms the billing address. A refund is promised in a few days after validation. However, that link or attachment contains ransomware.

amazon refund

It looks like it could be real, but with closer attention mistakes can be spotted such as minor typos, a missing period, or perhaps an extra space in between two words. The biggest sign of a scam is the link itself. When you hover over it with your mouse, it is clearly not an Amazon.com URL. Be sure to review all email messages clearly and follow good practices for avoiding being hooked by these scams:

  • Avoid clicking links in email messages, especially when you are not sure they are safe and/or are not expecting them. Instead, go directly to your online account by typing in the address you know to be correct or clicking a previously bookmarked link. If a refund is owed, it’ll be in there.
  • Look closely at the messages for typos and other errors. While the scammers are getting better at making them look legitimate, they often still make mistakes that give them away.
  • Use anti-malware software on all internet-connected devices, regardless of what operating system they are running. All of them are vulnerable to ransomware and other malware. Keep the software updated.
  • If you have the option of using multi-factor authentication on your sensitive accounts, or any account where you store sensitive information, take advantage of it. This could mean having a one-time code sent via text to you that you enter into a field before it’ll authenticate you or it could be a key fob type device with a randomly generated number. There are other methods, but it could be anything that requires something in addition to a password or PIN before giving you account access.

Should ransomware strike you, don’t pay the ransom. Instead, take a proactive approach and do regular backups of your important documents and files. Keep the backup copies separate from your computers or mobile devices. You can always restore from one of those should the need arise and avoid losing your money and putting it into the wallets of the hackers.

© Copyright 2016 Stickley on Security

10 Tips for Becoming a Knowledgeable Renter

for rent

On the hunt for a new apartment? A move can be an exciting opportunity to explore a new area or meet new people. However, competitive rental markets can make it difficult to find a desirable place on a budget.

Keep these ten tips in mind to manage the process like a pro. They’ll help you stand out from the crowd, get a good deal, enjoy the neighborhood and manage your rights and responsibilities as a renter.

1. Talk to Other Tenants. Speak with current or past renters to get a sense for the building and landlord. Ask about the neighborhood, noise, timeliness with repairs and any other pressing questions. Consider looking for online reviews of the landlord as well, and research the neighborhood.

2. Upgrade Your Application. Go beyond the basic application requirements and include pictures, references, credit reports and a short bio about yourself and whoever else may be moving in. Try to catch the landlord’s eye and show that you’ll take care of the property. You can order a free credit report from each bureau (Equifax, TransUnion and Experian) once every 12 months at AnnualCreditReport.com.

3. Understand Your Lease. The lease may list the rent amount, terms of the security deposit, guest polices and other crucial details. Read it carefully and ask questions if you don’t understand something. State laws regarding rent control or other regulations can impact your situation as well. If you can afford one, you could hire a lawyer to review and explain the lease.

4. Negotiate the Terms. You can’t always negotiate lower rent (it’s worth trying), but there may be flexibility when it comes to the security deposit, parking spaces, administrative fees, or the lease’s length.

5. Learn Your Rights. Protect yourself by learning about your rights as a renter. They can vary by state, and the U.S. Department of Housing and Urban Development (HUD) has a directory with links to tenants’ rights websites for each state.

6. Do a Walkthrough. Walk through the apartment with the landlord, look for damages and document anything you find. You’ll thank yourself later when you move out and ask for your full security deposit back.

7. Consider Renters Insurance. Renters insurance costs about $15 to $30 a month for a policy that covers $50,000 worth of losses. It reimburses you if your belongings are stolen, damaged or destroyed by a covered cause, such as a fire. The insurance also helps pay for legal fees if, for instance, someone sues after getting injured at your home.

8. Make Your Own Repairs. Prior to signing the lease, ask if you can take on some of the maintenance responsibilities in exchange for reduced rent. You could offer to handle and pay for basic upkeep, such as replacing lights or smoke detectors, and making minor repairs.

9. Pay Attention to Bills. Evaluate which bills you’ll pay in addition to the rent, such as gas, heat, water, electricity, trash, Wi-Fi or parking. A more expensive apartment that includes these can save you money overall.

10. Talk to Your Landlord. Hiding financial trouble helps no one. Talk to your landlord and ask for an extension if you can’t make rent. Good tenants can be hard to come by, and your landlord will likely prefer open communication and a late check to being left in the dark.

Bottom Line: Being an informed renter is especially important in a competitive rental market. Take simple steps to improve your rental and money management skills and you’ll benefit for years to come.

By Nathaniel Sillin