How Do I Know a Web Address is Safe?

Security when clicking onto a website confounds me. Some sites put the section of the site you are wanting ahead of the web address. Example: http://photos.kodak.com, and some put the section after, example: http://kodak.com/photos. These examples are just made up but I hope you understand what I’m saying. How do I know if I’m on the secure website I’m supposed to be on? At times I see other addresses flashing by on the toolbar that are not the site I clicked on before the actual site appears.

This simple question opens up a veritable Pandora’s box when it comes to understanding URLs and what is safe to click on.

The concepts are simple, but how those concepts can be combined is complex, particularly if someone is attempting to deceive you.

I’ll try to make some sense of it all.


12 Steps to Keep from Getting Your Account Hacked

My account has been hacked into several times. If I’m able to recover it, it just gets hacked again. Sometimes I can’t recover it, and I have to start all over with a new account. What can I do to stop this all from happening?

I don’t get this question a lot. But I really, really wish I did. What I get instead, repeatedly, is “I’ve been hacked, please recover my account/password for me!” (Which, for the record, I cannot do, no matter how often, or how nicely, or not so nicely, I’m asked.)

The only salvation is in prevention, and this applies to email, social media, and pretty much any password-protected account you might have.

What can you do to make sure your account doesn’t get hacked in the first place?


Why Is There so Much Spam?

Between bouts of frustration with my inbox, I’ve been reading your various articles on spam. I think I’m slowly getting a handle on it all, but it sure seems crazy. And it really got me to wondering… why is there so much spam in the first place?

I feel your pain.

Some time ago, I did some research and looked at all my email for an entire year. Not only do I get a lot of email, but my calculations show that 87% of it was junk. Wow.

Why is there so much spam?

It’s very simple, really.

Spam works.


Is Online Banking Safe?

I would think that no PC would be immune from malicious threats if they landed on some corrupt site that then installed malware or key-capture software. Is there any reasonable way to continue to safely do online banking?

Sure.

Avoid getting infected.

I know, that sounds trite and flippant, and I don’t mean to be so. Ultimately, though, all the advice boils down to exactly that: do what it takes to stay safe on the internet.

I regularly bank online. In fact, I’ve done so for years without incident. I much prefer it over the alternatives, particularly since many alternatives seem to be slowly disappearing.


Possible LastPass Phishing Vulnerability

News broke over the weekend about an approach to a phishing attack that could fool you into giving a hacker your LastPass credentials, even bypassing two-factor authentication. It’s not yet been seen in the wild, but code has been made available, so I’d expect it to start appearing.

Quick bottom line

If you get a message from LastPass that your session has timed out and you need to log in again, don’t. Instead, I recommend you close your browser, re-open your browser, and log in using the LastPass icon on the browser’s menu bar.


Is my ISP calling me to clear up my problems with Windows?

Hi Leo,

You might be interested in this little anecdote.

Yesterday about noon, the telephone rang. It was an Indian woman, and here’s what she said …

What follows is an increasingly commonly-attempted scam. Fortunately, the person reporting it had the right instincts and was able to avoid getting taken.

Let’s look at the transcript provided, and I’ll identify all of the warning signs with [notes] as we go.


What is it About Attachments?

Some time ago a report about the most common vectors for data breaches and related issues was released.

You and I are the weakest link.

For at least one large segment of attack, it’s our propensity to download and open email attachments that gets us into trouble.

A couple of scary numbers from that report: 1 in 10 people will download and open an attachment attached to a phishing email or spam. The average time between a phishing email being sent and the first victim taking the bait is 22 seconds.

What the heck is it about email attachments that makes them so darned irresistible?


Phishing: How to Know it When You See It

I’ve received an email from Microsoft asking for billing details and threatening the end of my Outlook.com account. Contacting Microsoft resulted in referral to a support alias, but no answer. Is this a problem, or a forgery?

Phishing is a word you hear a lot in the news these days, and this question brought it to mind.

You’re right to be suspicious: this definitely sounds like a phishing expedition.


Why Spammers Love ZIP Files and How You Need to Stay Safe

I suppose most folks will be getting unsolicited spam to try to get your details. I’m getting financial questions and attachments with a .zip extension. What is .zip?

The ZIP file is the spammer’s – or rather the phisher’s – best friend.

ZIP files are everywhere, and have a lot of very valid uses. Unfortunately with that ubiquity comes the potential for abuse.

And that’s exactly what spammers like to do.


Should I take the security protection offered after the most recent security breach?

What is the current status of a company that wants to offer security protection for your credit card purchase and your identity? Is it “Target” initiated?

Target, a retail chain in the United States, is the company whose security was breached recently in a fairly massive theft of account information from their customers. Unfortunately, this gets really complicated really quickly. Compromised companies like Target try to do the right thing for their customers, but of course there’s always somebody who wants to come along and take further advantage of the situation.


Is the internet just full of scams?

All these PC online technicians say “your computer is infected; you need to pay at least $100 to have us fix it like new.” They told me that even if I go to factory settings it won’t help. Now, I’ve been running McAfee security and I do full scans and I have no virus. Is the internet just packed with tricksters?

The very direct answer to your question is yes.

Yes, there are a lot of scams and misleading advertisements out there.

That’s why there’s one skill I believe strongly that everyone needs to develop.


Why Does this Email Message Ask Me to Enable HTML When It Already Is Enabled?

Using Hotmail, now Outlook.com, and my address is “something” @hotmail.com. In the past two days, I’ve received several messages from my bankcard company: the first, an alert that a payment is due soon, and the second, an acknowledgement that payment has been scheduled. Each includes “Please enable HTML in the message text.” I have not done anything to disable HTML. Principally, I don’t know how and secondarily, I’d be afraid to find out the consequences if I did. Previous account-related messages from this company included the link to the card user’s login page. The current message does not have this link. Thinking that something may have accidentally come unhooked in my Hotmail settings, I looked in options for anything indicating how to enable HTML. Finding nothing, I went on the net and searched “Enable HTML Hotmail” and found Ask Leo! I’ve read through the topics here and searched “Enable HTML Hotmail Outlook” and found no answer. Messages from other sources contain links; none contained a request to enable HTML. Please advise what I’ve done and how I can undo it so I can easily attend to this credit card.

I don’t think you’ve done anything and I don’t think there’s anything to undo.

There are several reasons why this kind of thing can be happening. Most of them boil down to an improperly constructed email message on the part of the sender. In other words, it’s not you, but the sender.


Why Does Legitimate Email from PayPal Instruct Me to Click a Link?

As you stated and I’ve preached to my own family, you should never click a link in an email that purports to be from PayPal – never. If there’s something that needs to be checked out, go to the PayPal site yourself by typing paypal.com in your browser’s address bar or clicking on your bookmark – never click on an emailed link to PayPal – got that? And yet my monthly email statement from PayPal includes a link to login! Why is PayPal practicing business in this manner? We both know that they know that they’re not ignorant of the risky behavior fostered.

You are 100% correct. I agree with you – I wish PayPal didn’t do this.

Now, I can postulate a few reasons why PayPal might choose to behave this way … but I still can’t really justify it.

Let me throw out a few of my ideas.
