How To Recognize An Email Scam

Email scams are inundating our inboxes. From fake Facebook links to phony software programs, cybercriminals use email as the bait for their hooks. And many people fall for it.

Rule #1: Never click on email links. You should always go to your Web browser and type the site name directly. Links are easily forged, and clicking bad links allows viruses to bypass your security and silently install themselves on your computer. Remember our motto: Think Before You Click.

We’re going to dissect three of the most common email scams: fake social-media messages, phony antivirus warnings, and counterfeit account statements. But first, let’s talk about how these scams work. All of them bear similarities: use of real logos, colors, and addresses; realistic-sounding language; and links that look like they lead one place when they actually go somewhere else.

Don’t rely on poor grammar or punctuation to tell a scam from the real deal. Some scams may be amateur efforts, but others are so convincing that it’s almost impossible to detect them. It’s best to err on the side of caution and never click links in any email messages.

(Click the screenshots below to enlarge them and see how these email scams try to trick you.)

The Facebook Fake-Out
What It Is: False messages from popular social media sites like Facebook, LinkedIn, and Twitter are a popular way to harvest passwords and sneak viruses onto your computer. People are used to getting email from these sites, so they will click without a second thought. As a result, social media has become the top method of computer virus infection.

How To Avoid It: Never click on links in email. Go directly to Facebook, LinkedIn, Twitter, and other social media sites by typing the site addresses into your Web browser. Don’t try to reset your password via instructions or links in email – and shame on LinkedIn for encouraging people to do exactly that in their recent password breach. See, even real companies get security wrong sometimes, so don’t listen to bad advice no matter who it’s from.

The Phony Antivirus Program
What It Is: Rogue antivirus is fake software that tricks you into installing it, usually by displaying phony infection warnings or upgrade notices. I’ve discussed rogue antivirus before; you can read about it here and here. Once a rogue antivirus program commandeers your computer it will disable legitimate antivirus, regenerate itself if deleted, and even hold your data for ransom.

How To Avoid It: Don’t install software on your computer unless you know where it’s from. When in doubt buy a packaged program from a store. Go directly to security software makers’ sites to buy and download software rather than relying on links in email.

The False Billing Statement
What It Is: Counterfeit billing statements attempt to harvest your password and account credentials. This information can be used to gain access to other accounts including your bank accounts and credit cards.

How To Avoid It: If you receive electronic statements, don’t click links in them. Visit the site directly to enter your account information. Never believe a password reset email or instructions to “verify” your account.

These are not the only scams in town. Fake package delivery notices, marketing surveys, and other scams abound on the Internet. It’s up to you to learn how to recognize and avoid them, but hopefully this has given you a head start.

How To Avoid Malware On Mobile Devices

Android malware rose 1,200% last year. Android represents 59% of smartphones shipped in 2012 Q1. This does not bode well.

Mobile device security is not on the average person’s radar, yet we’re toting these devices everywhere and using them for just about everything. Clearly we can’t afford to be lax.

Here is an easy primer on how you can protect your mobile devices from malware, whether you use an Android, iPhone, iPad, or other device.

Only buy apps from approved stores
Android users in particular are getting kicked in the butt over installing apps from non-Google marketplaces. Perhaps you think you’d never do that, but poisoned search engine results and malicious web pages can trick you into thinking you’re using Google’s marketplace when you’re not. Be careful when installing apps.

Don’t jailbreak your phone
Jailbreaking means working around the manufacturer’s lockouts so you can have more freedom to play with the configuration. It also can brick your phone – as in, turn it into a useless brick – and opens a greater possibility of malware infection. So unless you are a professional geek, don’t do it.

Install antivirus
Mobile antivirus may be rudimentary, but you still want it. Here are some choices:

Apply computer security to mobile devices
You know all those things I keep saying about not clicking links in email, avoiding Facebook scams, and so forth? They apply to your mobile devices, too. That’s the other way mobile malware is spreading, via social media and drive-by download.

Tell your friends
Let the people around you know about the importance of securing their mobile devices. Why not start by forwarding them a link to this article?

How are you protecting your mobile devices? Share in the comments!

Image(s): FreeDigitalPhotos.net

Is Your Security Software Everything It Should Be?

Security software isn’t just antivirus anymore, and it’s not just for your computer. Today’s security solutions encompass the ever-changing ways in which we use technology. Unfortunately, many people don’t realize the importance of upgrading.

One subscription to rule them all
Companies like Symantec, McAfee, BitDefender and Kaspersky are recognizing consumers’ need to protect their mobile devices by offering subscription-based options. This is the future of security for consumers, in which one subscription covers everything including computers, smart phones and tablets. It’s especially convenient for busy people on the go and families with multiple devices.

Social media support
Integrated support for social media like Facebook and Twitter has become standard. Even so, we still live in a world in which removal tools aren’t crafted until after viruses are already in the wild. To fight that, we’re seeing better detection capabilities and heuristics.

Consumers should replace old versions
Unfortunately, security vendors have made it so easy for consumers to continue the subscriptions for their old programs that people aren’t encouraged to upgrade to the latest versions. The idea was to make sure people didn’t let their antivirus expire, and at the time that made sense. In retrospect I’m wondering if we’re shooting ourselves in the foot.

The difference between renewal and replacement
If you renew your security software you keep the version you have for another year. When you upgrade or replace, you purchase the latest version of the software for a year. Usually the upgrade is slightly more expensive, which is why many people opt for renewal instead. And it’s not always clear why the fifty-dollar antivirus is cheaper than the eighty-dollar antivirus.

It’s confusing because most people look at their subscription date rather than the version date of the program. They see their subscription ends in 2013… but the program itself is dated 2009, and that means it’s not current.

Security vendors need to improve purchase process
I understand why vendors offer the option of renewal. The thought is that basic antivirus is better than nothing, and there’s something to be said for that. But I see a majority of people going for renewal because the purchase process is vague and because renewal is cheaper.

I take security vendors to task for not altering their sales strategy. They need to explain WHY upgrading is so much better than renewal. Maybe we need to discontinue renewal entirely.

If nothing else, make the purchase process crystal-clear. People deserve to know what they’re buying, and I think they will pay the additional cost for an upgrade if they realize the cheapest option is also the least effective.

Subscribe free to Tech Tips, and don’t forget to follow me on Twitter @trionaguidry for breaking computer news and other geeky stuff.

2011 Parental Control Software Review

If you’re worried about your kids’ Internet safety, you’re not alone. The rapid pace of tech innovation often leaves parents feeling lost, but the latest parental control software gives you the ability to keep up with the trends.

One of my current favorites is a freebie from an old friend. Symantec’s Norton Online Family lets you protect all the computers in your house from one convenient web-based control panel. What’s nice about Norton Online Family is that it works with both PC and Mac. First, set up your initial account on the Online Family web site, then add accounts for each child based on age. You’ll receive emails notifying you of any blocked sites or unwanted activity, and as the parental administrator you can permit or deny sites as you prefer. The default settings work great for blocking popups and ads on the sites your kids visit. And did I mention, it’s free?

There are some other freebies available to you if you have Windows 7 or Mac OS X Snow Leopard or Lion. The latest versions of these systems include improved parental control features.

I’m often asked if kids can get past parental controls. Of course they can, if they try hard enough. Using your computer’s built-in features offers resistance to “accidental” attempts to disarm the safeties, but I think a better deterrent is good old-fashioned communication. Even using the term “parental control software” can put your teen into a combative stance. Instead, call it what it is: part of your Internet safety arsenal. There are good reasons to protect kids’ computers that have nothing to do with parental trust. Stuff you don’t want will appear on even the most innocuous sites, or the sites themselves can be redirected somewhere unsavory. With parental control software you have an added level of protection on top of your antivirus software.

Follow These Steps To Computer Security

My column in today’s Northwest Herald talks about the four steps you need to take to minimize computer security risks: a security software suite, a hardware firewall, strong and unique passwords, and a method for keeping your software updated.

Here are some recommendations on security software suites.

You’ll notice I didn’t mention Norton. While Norton is adequate, it doesn’t have the best detection rates, and it takes up a significant amount of memory especially on older computers. I wrote several years ago about the reasons why I started recommending alternatives to Norton. Although recent versions of Norton have fixed some of these issues, I still prefer the alternatives.

Here’s my guide to creating secure passwords:

Plus, an article on what to do if your account is hijacked.

I mentioned several utilities that can help you keep your software up to date. For Windows, try Secunia’s Personal Software Inspector. Two possibilities for Mac users are AppFresh and Mac Informer.

If you’re interested I have a number of upcoming seminars including Blogs For Business, Leveraging LinkedIn, Social Networking, Expanding Your Online Presence and more. You can find my upcoming events schedule on my web site, or watch examples of my previous seminars.

New AVG 2011, And How To Choose Security Software

There’s a new version of the popular AVG Internet security software available. Many people use the free version of this software to protect their Windows computers.

For a long time the free version was enough. Then I began to notice a trend. People running AVG were becoming infected with threats not detected by the free version. So I began recommending the paid version of the suite, known as AVG Internet Security. However, after testing AVG 2011, I have some qualms about this new version.

First, AVG 2011 is a memory hog. If you have an older computer it may slow you down, although this could be said of any security program. Reports of bugs in AVG 2011′s LinkScanner also give me pause. This will slow down your computer as well as your network. Not everyone has experienced this, however; PC Magazine reports that their tests showed AVG had a small effect on system performance.

On the plus side, it’s easy to use and offers solid protection. I also like the LinkScanner feature that checks your Facebook posts and marks them as safe. My hope is that AVG will resolve any issues and that AVG 2011 will continue to provide people with strong security software.

What are your alternatives? I still don’t recommend Norton or McAfee because they’re also memory hogs (especially Norton). But, I’d rather have you using one of those than nothing. What I really want is a security suite with a high detection rate and a small impact on system performance. You could try Kapersky Internet Security 2011, although its interface is not as friendly for non-technical users. Trend Micro Titanium Internet Security 2011 is good but scored weak on malware removal. Webroot Internet Security Complete 2011 is another option. The thing I don’t like about it is that its firewall constantly pops up warnings, a big turn-off for most users.

In short, there is no one right answer to security software for Windows. If you have an older computer, you’ll want a solution that doesn’t bog you down. If you have a mobile computer, you’ll want strong WiFi protection. If you don’t do much surfing, a free solution may suffice. The best way to determine your needs is to have a computer professional assess your environment and make a recommendation.

Subscribe free to Tech Tips and receive bonus tips, tricks and product reviews. Click here to subscribe or send email to techtips-request-at-guidryconsulting-dot-com, subject “subscribe”.

Fake Security Software Cons You With Real Tech Support

The battle for your computer has stepped up a notch, as fake security software now offers real tech support. Talk about twisted!

As I’ve written before, rogue security software pretends to be real antivirus and anti-malware software in order to commandeer your computer. It disables your bona fide protections and claims that you must purchase their super-duper software to save you from invented infections. Now, they’ve added a “support” option as further bait. After all, if the software offers you tech support by live chat and email, it must be legitimate, right? And so much money is being made on this fake software that they can actually afford to hire real people to provide said tech support! It’s a whole new take on social engineering, the unethical art of doing anything and everything to manipulate you.

Remember, rogue security software will not protect you; it will leave you vulnerable. Your best protection is to stick with security programs from known vendors. Norton, McAfee, AVG, Trend Micro, and avast! are all real companies with real products. Although I’m still not enamored of Norton and McAfee (see why), you’re certainly better off with them than a rogue. Become familiar with what your regular antivirus program looks like. If you sit down at your computer one day and see something different, be very suspicious. Also, be careful if you do a web search for antivirus software, because many of the “sponsored links” lead you to fake programs. Once fake security software is on your computer, it’s extremely difficult to remove. And don’t fall for the trick “uninstaller,” which leaves remnants of the rogue to regenerate itself.

Subscribe free to Tech Tips and receive bonus tips, tricks and product reviews. Click here to subscribe or send email to techtips-request-at-guidryconsulting-dot-com, subject “subscribe”.

Fake Microsoft Security Essentials Antivirus

The real Microsoft Security Essentials is a free tool that helps protect your computer from viruses and other threats. A fake antivirus program is using the Security Essentials name to spread its infections.

Fake antivirus programs are viruses that purport to be legitimate security software. It can be very difficult to tell the tricksters from the real deal. In this case, if you run across something claiming to be “Security Essentials 2010“, stay far away.

Like other fake antivirus programs, this particular rogue hijacks your computer and prevents you from accessing the web sites of legitimate antivirus vendors. It uses hyperbole to convince you that your computer is infected, then tries to con you into paying for removal. Such tricks are becoming more common. I’ve previously written about the odious Win Antivirus 2010, a rogue that really raised the bar on how far these con artists will go in order to make money at your expense.

By itself, Microsoft Security Essentials (the real one) is not adequate security software. You need something more robust like the free or paid versions of AVG, or Trend Micro or McAfee. I’m still not recommending Norton because it’s such a memory hog, but use it if you must. Also be careful if you look for for antivirus programs via a search engine, as the con artists hijack search results to spread their dangerous look-alikes.

Don’t Renew Your Antivirus Software

Am I serious? Yes, I am advising you not to renew your antivirus software.

There’s a difference between renewing and upgrading to the latest version. Many antivirus programs allow you to purchase another year’s worth of updates without upgrading the software, but it’s not worth the slight savings. Upgraded software gives better protection.

Antivirus programs use a combination of definitions and heuristics. Definitions look for known virus code. Heuristics look for virus-like behavior, meaning they can detect both known and unknown viruses. When your antivirus software updates itself each day, it’s getting new definitions to protect against newly released viruses. But it doesn’t make sense to wait for a new virus to come out, write new definitions and send them out to millions of machines. With computers these days, by the time you do that it’s already too late. What’s needed is software with better heuristics. The newest antivirus programs have the latest heuristics available to consumers, so you are better off paying that little bit extra to upgrade instead of simply renewing for another year of definitions.

While we’re talking about not renewing your antivirus software, if you Windows users are still running Norton, save yourself a headache and move to something else when your subscription expires. The 2009 versions are better but still memory hogs compared to Trend Micro, the free AVG and others (look under Windows Users in the Tech Tips blog sidebar).

In February I’ll teach you how to Break The Internet Explorer Habit. Don’t forget to subscribe to the email version of Tech Tips for the latest computer news.

How To Protect From Cybercrime

If the cybercrime situation is so dire, what can an average person do about it? I present the four-legged chair of computer security. Without all four legs, your computer’s defenses could collapse.

  • Antivirus software
    You know this; what you may not know is that antivirus alone does not catch every threat.
  • Anti-spyware software
    Spyware is software you don’t want, similar to viruses but using different tactics. Adware, malware, keyloggers, Trojan horses, they all fit into the category of spyware.
  • Firewall
    Just like a fire door in a hospital, a firewall keeps out Internet nasties that try to sneak under the radar of antivirus and anti-spyware software.
  • Regular updates (“patches”)
    Every program has bugs, and these bugs can be used by viruses to manipulate your computer. Harden your security defenses by keeping your software up-to-date.

At home, you’re your own computer security czar. Run a full-fledged security suite, and install a firewall for extra protection. (See the sidebar, right, for suggestions.) Remember, you must purchase security software yearly, and update it every few days. And don’t forget those patches! For Windows I like a combination of Microsoft Update plus Secunia’s Personal Software Inspector. Mac users, be sure to check for new patches via Apple’s Software Updates, Adobe Updater and the other update features of your software.

If you have a company-owned computer, talk to your IT department about the protections that are installed. Find out if your corporate network prevents laptops from logging on unless the laptop has updated security. You can also explore one-time password systems, or biometric options like the fingerprint scanners now built in to most laptops.

Do you have questions about protecting yourself from cybercrime? Ask them here (click Comments below any article), and be sure to sign up for the email version of Tech Tips for bonus tips and product reviews.