Saturday, December 31, 2011

Happy New Year from Hyphenet!

Happy New Year3.. 2..1..

Twenty-twelve has finally arrived, folks!

We will be taking a short break to ring in the new year with our family and friends, so you may notice a decrease in blog posts over the next few days.

Fear not, though, for we shall return to alerting you about the latest malware threats, phishing scams, and other related stories soon. :-)

Until then, feel free to browse through old posts and either subscribe to our blog (option is to the right; don't worry, your email address won't be shared with ANYONE) or follow us on Twitter, Facebook or Google+ to make sure you don’t miss out when we get back into the groove of things.

We hope you have a safe and Happy New Year!

Friday, December 30, 2011

Facebook Attacks: How they Work & How to Prevent Them [INFOGRAPHIC]

Chances are you’ve encountered a Facebook attack of some sort.

Whether it’s finding yourself inexplicably drawn to click on that free offer in your news feed despite your gut instincts telling you not to or having a friend flood your Facebook news feed with the help of an evil browser plug-in, it’s likely that you’ve witnessed a Facebook attack in some fashion.

So, how do Facebook attacks work anyway?

This infographic compiled by Commtouch illustrates the anatomy of Facebook attacks from start to finish and provides helpful tips to prevent them (just like we’ve been doing!).

Take a look:

Facebook Attacks 2011 Infographic

Follow us on Twitter at @hyphenet or “Like” us on Facebook to stay up-to-date on the latest tech news and PC security alerts.

Thursday, December 29, 2011

Hackers Break-in Subway's POS Systems, Rack up $3 Million in Fraudulent Charges

Subway Restaurant

A group of Romanian hackers taught Subway an expensive lesson in point-of-sale (POS) system security – at the expense of over 80,000 customers.

Since as far back as 2008, the hackers had been pilfering customer debit and credit card information from over 150 Subway restaurant franchises and over 50 other small retailers.

Amazingly, the cybercrooks were able to pull it off with little effort thanks to the blatant disregard of security configuration standards, which allowed the hackers to sniff out point-of-sale systems with specific remote desktop access programs installed, crack easy-to-guess passwords and plant data-stealing malware.

Once the information began rolling in, the thieves created counterfeit credit cards, placed a couple of bets local French ‘tobacco’ shops, sold some of the credit card data off to the highest bidder and even registered a couple of domains with GoDaddy and signed up for hosting services.

In the end, the cybercrooks rang up a total of $3 million dollars in fraudulent charges!

Light eventually began to shine at the end of the tunnel of theft when Subway’s corporate IT and a credit card company “simultaneously” discovered the data breach and they began action to prevent further information from being ripped off.

The Department of Justice has asked Subway to keep details of the attack hush-hush since there’s still an ongoing investigation.

Hearing such tales should be enough to convince small business owners to follow proper protocol when setting up their payment systems and serve as a reminder to consumers to keep a close eye on their billing statements.

[via Ars Technica]
Photo Credit: zyphbear

Updated 6/6/12Alleged Romanian Subway Hackers Were Lured to U.S.

Follow us on Twitter at @hyphenet or “Like” us on Facebook to stay up-to-date on the latest tech news and PC security alerts.

How Much Can Cybercriminals Make Off Your Personal Information? [INFOGRAPHIC]

CybercrookHave you ever wondered how much cybercriminals can make from your confidential information?

As it turns out, internet crooks can make a pretty penny by selling stolen information. Whether it’s the login to your email account ($20), your credit card details ($10) – or heck, even your WoW account credentials ($150) – there's always money to be made. Worst part is, that's not even counting what they can earn directly from you (like the $50 you paid for their rogue antivirus program?).

This infographic by Kaspersky Labs serves as a reminder on how important it is that we take the necessary precautions to keep our personal information private and secure. Yes, that means running antivirus software and not falling for phishing emails, online scams, or the bogus alerts from malware posing as innocuous programs.

Check it out:

Kaspersky Infographic: "How much you lose, what cybercriminals make"

Follow us on Twitter at @hyphenet or “Like” us on Facebook to stay up-to-date on the latest tech news and PC security alerts.

Sadly, Shell Is Not Giving Away $100 Gas Cards on Facebook

ShellSeeing how a lot of us are paying over $3/gallon for gas, it’s no real surprise that we’d jump at the opportunity to claim a $100 Shell gas card.

I hate to break it to you, but the free $100 Shell gas card offer is nothing more than a front for the latest survey scam to hit our favorite social networking site.

The survey scam starts off by luring in unsuspecting users with Wall posts similar to this one:

 Shell Gas Card Spam Message

Free $100.00 Shell Gas Card!! (limited time only)
Shell is currently giving away $100.00 gas cards to all facebook users!!

Take note that survey scam artists typically use multiple domains to minimize the chance of their scam being blocked by Facebook’s built-in security filters that block troublesome URLs.

Upon clicking the link, you will be taken to a page that requests you help attract additional victims by posting the offer to your Facebook Wall and like the page. This allows the survey scam to quickly spread across Facebook and reach as many users as possible.

Shell Gas Card Facebook Scam

After doing so, you will be redirected to a completely different site ( that will ask for your email address.

Shell Gas Card Facebook ScamIf you’re one to skip over the fine print, now would be a good time to pick up on the habit of reading it before blindly accepting an offer. The huge block of text at the bottom of the page clearly states what you’re required to do in order to receive your “reward”:

4) Complete the following reward offers: 2 Silver, 2 Gold, an 2 Platinum offers (Available reward offers will vary. Some reward offers require a purchase. Credit card offers may require you to activate the card by marking a purchase, transferring a balance or taking a cash advance.)

That sure sounds expensive for something that’s supposed to be “FREE”.

How to Deal with the $100 Shell Gas Card Scam on Facebook

If you fell for this scam:

  1. Remove the Wall post and page like history from your profile and news feed.

  2. Replace the scam advertisements with a warning to your Facebook friends not to fall for this scam.

  3. If you provided personal information: Be on the lookout for additional scams and/or spam that may be sent to you via email, snail mail, or even by telephone. Closely monitor your cellphone bill for suspicious charges as scammers have been known to sign their victims up for expensive SMS subscription services and watch out for any signs of identity fraud.

If you see a friend posting this scam, let them know it’s a scam and advise them to complete steps 1-3.

Cybercriminals are fond of launching survey scam campaigns on Facebook due to the easy cash flow (they're paid for completed surveys) and the site’s insane marketing potential.

Always remember, if it seems too good to be true, it probably is!

Follow us on Twitter at @hyphenet or “Like” us on Facebook to stay up-to-date on the latest tech news and PC security alerts.

Wednesday, December 28, 2011

Phony Bank of America Alert Emails Link to Malware

Bank of America SpamBe sure to hover your mouse over any links in Bank of America emails to verify they will lead you to the proper place.

Cybercriminals are doing their best to imitate emails sent by Bank of America to notify customers of important account alerts in order to spread malware.

The spam email closely resembles legitimate BofA emails and is void of any obvious spelling or grammar mistakes – characteristics that typically tattle-tale on spam emails the moment they’re opened.

All but one of the links within the email point to the legitimate BofA website (just like the Delta Air Lines phishing email did), which happens to be the link that folks are most likely to click since it allegedly takes them to the alert message:

Bank of America Spam Malware Link

Please follow the link to download ALERT message here

However, the link points to an Italian domain that serves up a malware identified as Troj/FakeAV-EZF. Once on your machine, Troj/FakeAV-EZF will modify system files, disable IE internet security settings and open a backdoor to download additional malware or allow remote control.

How Can I Avoid Falling for This Fake Bank of America Spam Message?

One way to spot the fake Bank of America alert emails is to note how you are addressed within the email. Authentic BofA emails will address you by name, whereas the fake alerts will address you by email address.

Also, it's generally a good idea to hover over a link and checking the actual address in the status bar before clicking on it. Of course, you could always bypass any email-related threats by visiting Bank of America’s website by typing in the URL in your browser, logging into your account and checking the ‘Alerts’ section for any new notifications.

Have you received any fraudulent Bank of America emails? Share your experience below!

Be sure to follow us on Twitter @hyphenetfollow and “Like” us on Facebook for the latest tech news and PC security threats. 

Is Walgreens Giving Away $50 Gift Cards to Facebook Users? No, it’s Just a Survey Scam

Surprise! Cybercrooks have set up yet another survey scam.

This time they’re preying on gullible Facebook users that hope they’ll be one of the “lucky 10,000 users “that earn themselves a $50 gift card to Walgreens.

Walgreens Gift Card Scam Spam Message

Get 1 F.R.E.E Walgreens Gift Card! (limited time only)
Walgreens is currently giving away 1 gift card to 10,000 lucky Facebook users!

Like most survey scams, the first thing that the scammer wants you to do is share the scam with your Facebook pals by posting it to your profile and liking the page.

Walgreens Gift Card Scam Spread the Wealth

Once you’ve done that, you’ll be redirected to another website ( that requests that you complete a short questionnaire to see if you “qualify” for the prize ($50 gift card to Walgreens).

Walgreens Gift Card Scam QuestionnaireOf course, they’re going to tell you that you qualify because that’s the only way they can sucker you into handing over your personal information – including your full name, physical address, email, date of birth & two phone numbers – and convince you to complete multiple “reward offers” that often require you to take out a personal loan, open a credit card, or sign up for some paid subscription service that you don’t need.

By the end of the day, you’ll have shelled out far more than the $50 Walgreens gift card was worth – and that’s assuming that they stick by their promise to give it to you.

More often than not, your personal information will be sold off to the highest bidder and that’s if the scammer doesn’t decide to just keep a detail or two in order to commit identity fraud.

How to Deal with the Walgreens Gift Card Survey Scam

  • If you come across this scam on Facebook then do not follow the links, share the page or provide any personal information.

  • If you’ve shared this scam, remove any Facebook wall posts and like history from your profile and news feed.

  • If you see a friend spreading this scam, let them know that it is a scam and advise them to remove any wall posts.

  • If you or someone you know has fallen for this scam and provided personal information, be sure to keep an eye out for future scams that may arrive via email or snail mail. Keep a close eye for any suspicious activity related to possible identity theft and watch your phone bill for evidence of your number being registered for SMS subscription services.

Remember that cybercriminals often use social networks in order to spread their survey scams. So if you come across similar offers or posts for free meal vouchers or gift cards, be sure to do some research and look out for any signs that it’s a scam.

Follow us on Twitter at @hyphenet or “Like” us on Facebook to stay up-to-date on the latest tech news and PC security alerts.

Tuesday, December 27, 2011

That Offer for a $100 Gift Card to TGI Fridays Is NOT Real

TGI FridaysIf you’re like me, you’d probably enjoy a free meal or two at TGI Friday’s.

Sadly, following the offer for a free $100 gift card to TGI Friday’s on Facebook is not the way to get one.

Cybercriminals have launched yet another survey scam campaign on Facebook; this time they’re conning people into filling out a never-ending list of surveys and completing multiple reward offers by promising them a $100 TGI Friday’s gift card in return.

The scam begins by the victim encountering a message similar to this:
Eat a TGI Friday’s for FREE! (limited time only)

TGI Friday’s is currently giving away $100.00 gift cards to all facebook users!!

 TGI Fridays Facebook Scam: Spam Message

The e-crook uses a variety of domains in order to promote the scam. Some of the domains involved include:




Upon clicking the link, you’re taken to a page that requests you help keep the scam alive by posting it to your profile and liking it. The scammers are hoping that your Facebook friends will be eager to follow in your virtual footsteps to make sure they don’t miss out on such a “great opportunity”.

TGI Fridays Facebook Scam: Share on Facebook

After completing the alleged “first” and “final” steps on the page, you will be redirected to yet another site ( that boasts the same offer, only this time you have to enter your email address.

TGI Fridays Facebook Scam: Enter your emailOf course, this is only the beginning, as the footer of this page clearly states that you must fill out user surveys, complete a total of 6 “reward offers” and meet whatever other crazy requirements that they decide to throw at you.

Here’s an excerpt from the terms:

3) Complete the user surveys; 4) Complete the following reward offers: 2 Silver, 2 Gold, and 2 Platinum offers (Available reward offers will vary. Some reward offers require a purchase. Credit card offers may require you to activate the card by making a purchase, transferring a balance or taking a cash advance.

If you dare to go past this step, you will be taken to what is assumed to be their registration page, which insists you provide an assortment of personal information like your name, address, birthday and two telephone numbers. I’m surprised they don’t ask for a copy of your driver’s license, birth certificate or social security card at this point.
TGI Fridays Facebook Scam: Provide all of your information
Let’s not forget that a $100 gift card to TGI Friday’s was the entire reason we bothered to click this link. Is your identity worth a $100 gift card? Granted, TGI Friday’s has great food, but it’s not hand-over-my-personal-information-to-a-crook great.

And that’s assuming you’ll actually get it once you meet all of the scammer’s demands.

How to Deal with the $100 TGI Friday’s Gift Card Scam

If you come across this scam on Facebook, it's strongly recommended that you:

  1. Remove any trace of this scam from your Facebook profile, which means you will need to delete the Wall post and page like history.

  2. Warn your family and friends to steer clear of any “special offers” for a $100 TGI Friday’s gift card or any other free gift cards. There are a lot of survey scams out there. (Check the ‘Related Posts’ links at the bottom of this article and see what scams have been circulating on Facebook recently.)

If you provided your personal information, be on the lookout for future scams or spam messages that may be delivered via email or snail mail. Also watch for suspicious charges on your mobile phone as scammers often subscribe victims to expensive SMS subscriptions.

Follow us on Twitter at @hyphenet or “Like” us on Facebook to stay up-to-date on the latest tech news and PC security alerts.

Get Webroot SecureAnywhere Antivirus 2012 for $42 per User/PC License

This offer expired on December 30th, 2011.

Webroot SecureAnywhere Antivirus 2012Cloud-based approach delivers faster, more effective virus protection that's always up to date. Identifies and protects against new threats as soon as they emerge without ever having to download security updates. Scans your PC with blazing fast speed without disrupting your work or conflicting with other apps.

For a limited time, you can order Webroot SecureAnywhere Antivirus 2012 Licenses from Hyphenet for only $42 per User/PC!

Call Hyphenet at (619) 325-0990 to order your Webroot SecureAnywhere Antivirus 2012 License(s) today!

About Webroot SecureAnywhere Antivirus 2012

ProductSecureAnywhere Antivirus 2012 - subscription package
CategorySecurity applications
- desktop antivirus, security
- adware & malware removal tools
License TypeSubscription package
License Validation Period1 year
License Qty3 PCs
Platforms- Microsoft Windows Vista (32/64 bits) SP1
- Microsoft Windows XP (32/64 bits) SP2
- Microsoft Windows Vista (32-bit versions)
- Microsoft Windows Vista (32/64 bits) SP2
- Microsoft Windows 7 (32/64 bits)
- Microsoft Windows 7 (32/64 bits) SP1
- Microsoft Windows XP (32/64 bits) SP3)
System Requirements- Pentium
- RAM 128 M
- HD 10 MB
Software Requirements- Internet Explorer 7 or later
- Mozilla Firefox 3.6
Peripheral / Interface DevicesInternet Connection
Service & SupportNew releases update
Service & Support DetailsNew releases update - 1 year
Virus definitions update - 1 year
Malware definitions update - 1 year

Don't miss out on this Buy of the Week! Call Hyphenet at (619) 325-0990 to order your Webroot SecureAnywhere Antivirus 2012 subscription now!

Buy of the Week offer valid through December 30th, 2011.

This offer expired on December 30th, 2011.

Phishing Email Wants Your Apple Login and a Buttload of Personal Information

Evil AppleA new phishing email targeting Apple login credentials and banking information is currently making rounds.

First spotted by security researchers at Intego, the phishing email has been carefully crafted by cybercrooks to appear as though it is a legitimate message sent by Apple urging you to update your Apple account billing information or face the possibility of your account being terminated.

The phishing email reads:
Subject: Apple update your Billing Information

Dear Customer,

It has come to our attention that your account Billing Information records are out of date. That requires you to update your Billing Information. Failure to update your records will result in account termination.

Click on the reference link below and enter your login information on the following page to confirm your Billing Information records…

Click on to confirm your Billing Information records.

Apple Customer Support

If you hover over the link in the email, “”, you will see that the scammer is attempting to lead you to a spoofed website that’s NOT on the domain (always check the URL!):

[caption id="attachment_2477" align="aligncenter" width="464" caption="Credit: Intego "][/caption]

Upon visiting the fake Apple page, you will be asked to login to your Apple account (giving your Apple ID and password to the scammer) and once you “login” you will be taken to a page that allows you to fill in everything from your mother’s maiden name to your social security number to your billing address and credit card information.

Pretty sneaky, huh?

You can avoid falling for phishing scams like this one by typing the URL of the website you wish to visit directly into your browser address bar opposed to clicking links in emails. Most companies do not link directly to login pages, but instead will instruct you to type them in by hand (they do this so you can easily spot phishing emails).

If you do take the risk of clicking a link within an email, make sure you CAREFULLY double-check the URL in your browser before entering any login credentials or personal information.

Also be sure to run up-to-date antivirus software that offers real-time scanning and web filtering just in case you click a link within a spam email that leads you to a malware-infested site.

Have you received any other phishing emails lately? Share your experience below!

Follow us on Twitter at @hyphenet or “Like” us on Facebook to stay up-to-date on the latest tech news and PC security alerts.

Photo Credit: Daily Picks and Flicks

Friday, December 23, 2011

Cybercrooks Stealing Facebook Likes to Build Scam Credibility

Cybercriminals are a crafty bunch.

Many of us are familiar with the strategies they use in order to build credibility for their scams: asking you to like their page, demanding that you post a comment in favor of their “special offer “or flashing the logo of a reputable organization.

Now it appears that scammers are realizing that they don’t need your cooperation in order to gain more Facebook likes – they can just steal someone else’s!

Yes, researchers at Zscaler have found that cybercrooks are now coding Facebook Like widgets on their scam pages to display the number of ‘Likes’ for a completely different website that has a large number of Facebook likes.

Work from Home Scam PageAccording to the post by Julian Sobrier at Zscaler, internet scammers had created a fake page that was set to look like a newspaper article covering a work-from-home opportunity.

In addition to faking endorsement from multiple news companies, the crooks had embedded the Facebook Like widget from CBS’s Facebook page to make it look like over 214,000 users had recommended their work-at-home scam story to their Facebook pals.

Typically scammers post a screenshot of a Facebook ‘Like’ widget, so this technique is fairly new. Rest assured that it’s likely that we’ll be seeing a lot more of it.

While there are a *few* work from home jobs that are legit, majority of them are nothing more than a big fat scam. Don’t fall for it!

Follow us on Twitter at @hyphenet or “Like” us on Facebook to stay up-to-date on the latest tech news and PC security alerts.

Keeping Your Android Phone Safe from Malware

Evil Android... ahhhhhh!!I’m an Android user.

Like many other Android users, I’ve taken notice to reports that Android malware is on the rise and take precautions to make sure a malicious program doesn’t take my smartphone (or personal data) hostage.

Just like the malicious files and programs that attempt to make their way onto our PCs, malware targeting Android phones often gain entry by using underhanded tactics like posing as legitimate apps.

With that said:

How to Spot Malicious Android Apps

  • Checking the number of downloads and reviews.
    If an app is claiming to be a popular gaming app, say Angry Birds, then the app statistics should reflect the game’s insane popularity by displaying over 50,000,000+ downloads and nearly a million user reviews. If it doesn’t then it’s likely a malicious application in hiding.

  • Always check the name of the developer.
    Since the bad guys tend to copy the look and feel of popular apps in order to trick unsuspecting users into downloading malware, it’s a good idea to check and make sure that the right developer is offering the app. Not sure who created that popular gaming app you love?  Take a moment to Google it!

    If you’re going to download a paid app, researchers at F-Secure offer this advice:
    A useful tip for users out there is to search for the paid version of the app and take note of the developer's name. If the name on both paid and free versions matches, then it is very likely to be a safe app. Otherwise, don't proceed with the download. 

  • Scrutinize app permissions BEFORE clicking 'accept & download'.
    Whenever you click the 'Download' button for an app, you are shown a page that lists the permissions that you will need to grant the app in order for it to work. Be sure to carefully review all of the permissions that the app is requesting and make sure they are within reason. For instance, why would a free game app have “Services that cost you money: send SMS or MMS” listed under permissions?!

  • Only download apps from trusted sources.
    This can be very tricky considering that the official Android Market is not available in all countries (like China, for instance) and Google doesn’t even bother reviewing apps that are submitted into the official Android Market. While it’s true that some ill-intended developers have snuck their naughty apps into the official Android Market, Google does take notice and will remove them as needed. With that said, do a little research in your country to find out the safest Android market to get your apps and be vigilant when selecting apps to download. If you're not comfortable with the official Android Market, maybe it's time you check out Amazon's Android market.

For the record, a few developer names that have been linked to malware apps are Logastrod, Miriada Production, Eldar Limited, Myournet, Kingmall2010, & we20090202.

Stay safe, my fellow Androidians!

Follow us on Twitter at @hyphenet or “Like” us on Facebook to stay up-to-date on the latest tech news and PC security alerts.

Thursday, December 22, 2011

Even Nigerian Scammers Admit Advanced Fee Schemes Are All "Lies and Deceit"

Mmm.. SPAM.We must always take the time to appreciate the little things in life.

Like the irony of the Nigerian scam email shown below, posing as a letter from Carman Lapointe-Young, Under-Secretary General at the United Nations Office of Internal Oversight Services, who’s allegedly reached out to return $10 million that was taken by corrupt bank officials once we pay the “Approved Notarization fee.”

Why is that ironic? Refer to the end of the first paragraph in the email. You know, where she explains how it was “all lies and deceit” when top bank officials request that you pay/send money to help them retrieve your funds:
From:    Mrs. Carman Lapointe-Young <INFO[at]UN.ORG>
Reply-to: mrs.carmanlapointe_young[at]

Internal Audit, Monitoring, Consulting and Investigations Division

From: Mrs. Carman Lapointe Young,

To: Fund Beneficiary,

This is to officially inform you that sequel to the recent high rate of criminal acts like scam, fraud, impostors and drug trafficking in Africa and sub-African regions, the United Nations secretary-general has delegated me (Mrs. Carman Lapointe-Young) as the Internal auditor, monitoring & investigation division of the Office of the Internal Oversight services (OIOS). I was delegated and nominated to come down to Nigeria to make sure that fund beneficiaries like you get their funds because the rate at which fund beneficiaries are being treated in this country is not good, some of them has lost everything they have, rendered homeless and some declared bankrupt because the top bank officials continuously ask beneficiaries to pay/send money to them as they claimed that they are from one big offices & will help you get your fund but all these was just lies and deceit to make you believe them.

As of last two days I arrived in Abuja, Nigeria and I have met the president Goodluck Ebele Jonathan as directed by the UN secretary-general Mr. Ban Ki-Moon, the president has issued an approvals for me to work in collaboration with the Economic & Financial Crimes Commission to make sure you get your compensation & approved fund urgently, it was resolved by the president and UN that you are only required to pay only the Approved Notarization fee before you will get your compensation fund valued US$1O MILLION by the British government and the International Credit Settlement (ICS).

Sincerely, as I just arrived the country, I went through your payment file to discover that the top Nigerian & British officials/bank that was supposed to pay you rather decided to embezzle the fund, divert it to their personal account and they are working with some top political officers to frustrate you but you must be rest assured 100% that once I hear from you with the required Notarization fee, you must get your fund because every other fee has been waived off by the United Nations and the president.

I have been given few weeks to make sure you get your fund, so it will be better if you respond to this email urgently and I will advise you on how best to get your fund urgent after the notarization fee payment’s settled.

Yours Sincerely,

Mrs. Carman Lapointe Young
United Nations Under-Secretary
General for Internal Oversight.

Although Carman Lapointe-Young is a real person that actually works for an organization called  Office of Internal Oversight Services (OIOS), she's not really the person that's emailing you. Nigerian scammers often use the names and details of real officials in hopes of building credibility & help persuade targets to do as they're asked.

With that said, if you receive the email above or one similar to it, it's strongly recommended that you do NOT respond, do NOT give out any of your personal or financial information and do NOT send any money.

Instead, you are advised to do one of the following:

  • Ignore the email and delete it.

  • Forward the email to SpamCop. Be sure to include the full email headers.

  • Forward the email to the Federal Trade Commission at Again, be sure to include the full email headers.

If you’ve fallen for a Nigerian scam, you can file a complaint with the FTC.

Follow us on Twitter at @hyphenet or “Like” us on Facebook to stay up-to-date on the latest tech news and PC security alerts.

Photo Credit: janetgalore

Is It Time to Throw That Java Out?

JavaIt seems every time we turn around cybercriminals are uncovering a new vulnerability within Java that allows them to infect our PCs with malware.

Combine that with the fact that many of us fail (or forget) to update Java to patch known vulnerabilities and you can’t help but begin to wonder: is it really worth having Java installed on our computers?

Keep in mind that we’re talking about Java here, which is not to be confused with JavaScript. JavaScript is used on most of the websites you use on a daily basis (like our site :-)). Java & JavaScript may share a similar name, but they are totally different.

Knowing that cybercriminals often exploit vulnerabilities within Java in order to carry out their evil-doings, users have to either keep a close eye on Java updates to make sure they’re running the most recent version or remove Java from their PC altogether.

But can you live without Java on your PC? Most likely.

If you frequent sites or use programs that require Java, you could minimize your chances of attack by disabling the Java plugins in your most frequently used browsers and dedicate a browser to be used solely for (trusted) websites that call for it.

Google’s increasingly popular Chrome browser has been known to keep some Java attacks at bay, not to mention it doesn’t use an Adobe Reader plugin in order to view PDF files. So if you’re wondering what browser would be best to use for Java-rich sites, you may want to consider using Chrome.

Aside from removing Java or disabling the browser plugins, it’s a good idea to run antivirus and anti-malware software on your PC that offers real-time scanning for that must-have layer of protection.

Follow us on Twitter at @hyphenet or “Like” us on Facebook to stay up-to-date on the latest tech news and PC security alerts.

Wednesday, December 21, 2011

Spoofed eBay Pages Offer Cheap iPhone 4S to Steal Personal Information

eBayFor those of you that’ve been scouring the internet in hopes of finding an awesome deal on a new iPhone 4 S, it’s strongly advised that you keep your eyes open and mind ready to trust your gut instincts.

Security researchers at TrendLabs have discovered a rather elaborate phishing scam where cybercrooks have carefully spoofed eBay webpages in hopes of tricking people into handing over their personal information.

In the attack, the victim is presented with what appears to be an eBay page offering the iPhone 4S at a deeply discounted price that appears to be offered from a seller with a positive feedback rating.  Aside from the ‘Buy it Now’ option, all of the links on the phishing page are said to point to the legitimate pages.

eBay Phishing Scam

Once a victim clicks on the “Buy it Now” button, they will be taken to a fake login page that asks for personal information like their name, address and email. Upon sending the requested information, the victim will see a confirmation screen that states an invoice will be sent to them with payment details and that they should contact the seller scammer via email.

Of course, anyone that actually uses eBay will notice that this typically isn’t the way that business is done on the auction site.

Despite the effort that the crooks have put into setting this scam up, there are ways you can spot it when you see it:

  • The fraudulent eBay pages are not hosted on the “” domain and instead they’re hosted on a domain that is followed by “/” (or some variant of it). Example:

  • The fake page lists the price in EUROs (or another foreign currency) while the real page is listed in USD.

  • The fake page offers the iPhone 4S at a deeply discounted rate.  Considering the iPhones 4S retails at a minimum of $649 ($849 for the 64GB version), I doubt anyone would be selling a new one for hundreds less.

Keep your eyes peeled when shopping for deals online and remember the golden rule, “If it appears too good to be true, then it probably is.”

Follow us on Twitter at @hyphenet or “Like” us on Facebook to stay up-to-date on the latest tech news and PC security alerts.

Photo Credit: Mike Knell

Bogus SMS Alerts Phish for Fifth Third Bank Account Information

Do you have your bank account configured to send you important alerts via text message?

If so, you may want to exercise caution when responding to alerts and do your research to verify their legitimacy.

Fifth Third Bank has issued a warning to the public, stating scammers are sending out fraudulent text messages and phone calls posing as an alert that the recipient’s card has been locked.

Targets are being instructed to call a number, at which point they will be asked to disclose personal and financial information.

Fifth Third Bank has provided examples of the bogus messages to help consumers spot them as they arrive:
Fifth Third Bank alert. Debt card locked. Call XXX-XXX-XXX

Fifth Third B. Message. Your card has been locked. Call XXX-XXX-XXXX to unlock it.

FifthThirdB MJVA alert 119471.Please call (XXX)XXXXXXX

*Please note that different phone numbers are used and the phone number typically is not in service for more than a day.

If you receive a message similar to the ones shown above, Fifth Third Bank recommends that you do one of the following:

  • Do not respond.

  • Delete the message from your cellphone.

  • Check the legitimacy of the message by calling the number on the bank of your credit/debit card or the number on your most recent billing statement.

  • If the message appears to be from Fifth Third Bank, forward it to so they can track the phishers and shut down their operations.

If you’ve already fallen for the scam, you’re strongly advised to contact Fifth Third Bank Customer Service immediately at 1-800-676-5869.

For the record, Fifth Third Bank will never ask you to verify personal or financial information – including account numbers, passwords, pins, and social security numbers – via email, phone or text messages.

Follow us on Twitter at @hyphenet or “Like” us on Facebook to stay up-to-date on the latest tech news and PC security alerts.

Tuesday, December 20, 2011

Did You Receive a FedEx Delivery Failure Notification Email? Don't Open It.

Although cybercriminals have been sending fake package delivery notices for months, the malware-infested spam messages still pose a huge risk for recipients.

With Christmas on Sunday, it’s highly probable that folks are still waiting for last minute gifts to arrive in the mail and will be on high alert to make sure they show up without any issue.

While standard procedure is to refer to the “Sorry we missed you!” note left on the door by the delivery guy, some may simply have too much on their mind and find themselves caught with their guards down when they see the fraudulent delivery failure notification in their email inbox.

Unfortunately, that leaves them susceptible to opening the malicious file attachment, “FedEx”, which is likely Trojan.FakeAlert, gift-wrapped and ready to be opened by an unsuspecting victim.

So, if you see this email, delete it immediately WITHOUT opening any of its contents:
From: FedEx (info[at]
Subject:  FedEx Delivery Failure Notification


Unfortunately we failed to deliver the postal package you have sent on the
14th of December in time because the recipient's address is erroneous.

Please print out the shipment label attached and collect the package at our

FedEx Inc.

FedEx was kind enough to post examples of additional spam emails that cybercriminals are sending out in hopes of stealing login credentials and spreading malware. Be sure to take a moment & check them out.

Follow us on Twitter at @hyphenet or “Like” us on Facebook to stay up-to-date on the latest tech news and PC security alerts.

Buy of the Week: Nylon Notebook Case w/ Shoulder Strap for only $16!

This offer expired on December 23rd, 2011.

Notebook CaseProtect your notebook while on the go!

This notebook case offers an affordable solution to carry your notebook and its accessories in a durable and convenient design.

The notebook compartment is padded and reinforced, protecting your 14.1-inch notebook or smaller from shock and impact. A top handle and shoulder strap are included, letting you easily carry your equipment where it's most comfortable to you!

For a limited time, you can order a Nylon Notebook Case w/ Shoulder Strap for only $16, plus shipping!

Nylon Notebook Case w/ Shoulder Strap Features

  • Black color

  • Zippered briefcase design

  • Canvas exterior material

  • Nylon internal material

  • Fits most notebook computers up to 14.1-inches in size

  • Padded notebook compartment with straps protects against impact

  • Storage compartment with hook and loop fasteners on zippered front panel

  • Interior compartments for pens, business cards, and travel accessories

  • External zippered compartment for files and documents

  • Shoulder strap and top handle

Call (619) 325-0990 to order your Nylon Notebook Case w/ Shoulder Strap today!

Offer valid until December 23rd, 2011.

This offer expired on December 23rd, 2011.

Facebook Scams Now Serving Malicious Browser Extensions

If you recently fell for a scam on Facebook and find that you’re now spamming your friends and family with the same scam, you may want to double check your browser for rogue extensions.

Facebook scams are fueled by their victims, who fulfill the request to share a page, post a comment, watch videos or complete surveys in hopes to earn free gift cards to popular establishments like the Cheesecake Factory,, Costco or get more details on a juicy celebrity story.

Now it seems that cybercriminals have thrown browser extensions into the mix, which they disguise as a required video plugin to watch that scandalous video or a browser plugin that will allow you to print out vouchers for a free meal at the Cheesecake Factory.

How it Works

The scam draws victims in with posts similar to this one:
Eat at Cheesecake Factory for FREE!! (limited time only)

Cheesecake Factory is currently giving away $100.00 dinner vouchers to all facebook users!! Claim yours before they are all taken!

Malicious Firefox PluginUpon clicking the link advertised, you will be taken to a page that asks you to post the offer to your profile and download a browser plugin called “Free Cheesecake Factory” for Chrome (.crx file) or Firefox (.xpi file) in order to print their free meal voucher.

However, once the malicious extension is installed, the extension will load a script from another website that is used by the browser that connects to Facebook. From there, the code will create posts and message your friends on your behalf advertising the very same scam you fell for, along with any other spam or malware the cybercrook sees fit.

How to Remove the Plugin

Unless you want to be blocked or unfriended on Facebook, it's a good idea to remove the malicious plugin from your browser.

For Firefox users:

  1. Click the orange ‘Firefox’ tab at the top of your browser window.

  2. Select ‘Add-ons’ in the right navigation menu (it has a blue puzzle piece icon next to it).

  3. Click on the ‘Extensions’ option.

  4. Look for the ‘Free Cheesecake Factory’ plugin and click the ‘Remove’ button next to it.

  5. Restart Firefox.

For Chrome users:

  1. Click the gray tool icon on the top right.

  2. Hover over the ‘Tools’ option and click ‘Extensions’

  3. Look for the ‘Free Cheesecake Factory’ extension and click ‘Remove’.

  4. Restart Chrome.

Once you’ve removed the plugins, it may be a good idea to go through your Facebook profile and remove any posts that the extension created, apologize to your friends accordingly, and be sure to avoid any scams in the future.

Follow us on Twitter at @hyphenet or “Like” us on Facebook to stay up-to-date on the latest tech news and PC security alerts.

Friday, December 16, 2011

If Santa Were on Facebook [INFOGRAPHIC]

If he was on Facebook, there’s no doubt that Kris Kringle (aka Santa Claus) would be the most popular person on there.

Children would be blowing up his inbox and Facebook wall with their Christmas wishlists and parents would be doing the same. Now, whether it’s to help convince St. Nick their child is being honest or tossing in their own wishlist is still up for debate.

But what would Santa and the gang post or share?

According to this funny infographic by Flowtown, Santa would keep us all entertained by sharing pictures of the new sleigh, checking himself into multiple countries on December 25th and throwing a funny comment as necessary.

Check it out:

Facebook at the North Pole

Don’t forget to follow us on Twitter at @hyphenet or “Like” us on Facebook to stay up-to-date on the latest tech news & PC security threats.

PC Slow on Startup? Check What Programs Start When Windows Starts

Windows Start ScreenDoes your PC seem to be dragging its feet on startup?

If so, it may be time to take a peek at what programs are set to run when Windows starts up and disable the unnecessary junk.

Often times we tend to blow through the installation process and inadvertently allow programs to run on startup by completely missing the opportunity to uncheck the “Start program when Windows starts” box.

Then again, some programs tend to help themselves by not presenting any start related options at all during installation and simply set a list of items to fire up once we power up our machines. (*cough* AdobeCreativeSuite*cough*)

Thankfully it’s not difficult to remove these privileges and you don’t have to rummage through the preferences for each and every single piece of software on your computer in order to do it.

All you need to do is launch Windows System Configuration Utility (msconfig.exe).

Disable Unnecessary Programs in Windows Startup

To access the Windows System Configuration Utility (in Windows 7), do the following:

  1. Click the Start Menu orb.

  2. In the ‘Search programs and files’ box, type msconfig and select the ‘msconfig.exe’ option.

  3. Click the ‘Startup’ tab in the System Configuration window that pops up.

MSConfig Window

In the ‘Startup’ tab, you will see a list of applications that are currently set to start when Windows loads.

You can disable programs from launching at start-up by unchecking the checkbox next to the appropriate application.  Just be sure that you don’t disable any antivirus or firewall applications, otherwise your PC will be vulnerable to attack.

When you’re done making changes, hit ‘OK’ and select whether or not you want to restart now or manually restart later. The changes made will take effect the next time you restart your PC.

Don’t forget to follow us on Twitter at @hyphenet or “Like” us on Facebook to stay up-to-date on the latest tech news & PC security threats.

Photo Credit: acidpix

Look Before You Click! Spammers Abuse Google Open Redirect

Redirecting..It’s becoming more and more crucial that you look before you click.

Spammers are using Google’s open redirect in order to help their emails slide past spam filters and hide the destination website from the recipient.

For those of you who don’t know, an open redirect is a URL that redirects to a second URL. The second URL is visible in the first URL and can be changed to make the redirect point to an arbitrary website.

Here's an example:

Unfortunately not all redirect URLs are that obvious.

Solera Labs shared a redirect URL that shows how spammers are abusing Google open redirect in order to link unsuspecting users to a website that’s serving rogue antivirus software.

Google Open Redirect Example

Upon first glance, the link appears safe due to Google’s domain name. However, once it’s clicked, the user would be redirected to the domain, and then routed to various IP addresses before finally being served scareware by the name of “Fakealert.”

By using a Google open redirect, spammers are able to take advantage of Google's trustworthy reputation in order to bypass spam filters that would otherwise block their email due to links pointing towards blacklisted domains.

Despite the dangers lurking within open redirect, Google has excluded open redirects from their well-known bug bounty program since users can be tricked into clicking a link without the help of a redirect.

That being said, it is imperative that users closely inspect URLs before clicking on them to avoid being redirected to harmful websites.

If you’re wondering whether or not you should follow a link, you may want to run it through a URL scanner first. Here are a few that you can use:

Note: I provided services that can be used without downloading any sort of browser add-on. If you have suggestions, feel free to share them below!

Don’t forget to follow us on Twitter at @hyphenet or “Like” us on Facebook to stay up-to-date on the latest tech news & PC security threats.

Thursday, December 15, 2011

Adobe to Release Fix for Reader 9.x & Acrobat 9.x on Friday

Adobe Reader PatchAdobe plans on releasing a fix on Friday for Acrobat 9.x & Reader 9.x that will fix a 0-day vulnerability that was discovered just over a week ago.

Adobe wrote, "We are in the process of finalizing a fix for the issue and expect to make available an update for Adobe Reader 9.x and Acrobat 9.x for Windows on December 16, 2011. "

The patch will address a U3D memory corruption vulnerability that could cause a crash and allow an attacker to take remote control of a compromised machine.

The vulnerability is currently being exploited in limited, targeted attacks in the wild. So far the primary targets have been computers belonging to defense contractors.

Although the vulnerability affects multiple versions of Acrobat & Reader across multiple platforms (Windows, Mac & UNIX), Adobe focused on releasing a fix for the Acrobat 9.x and Reader 9.x on Windows first since those are the versions actively being targeted.
“We are planning to address this issue in Adobe Reader and Acrobat X and earlier versions for Macintosh as part of the next quarterly update scheduled for January 10, 2012. An update to address this issue in Adobe Reader 9.x for UNIX is planned for January 10, 2012.”

Users with Adobe Reader X & Adobe Acrobat X can utilize the Protected View feature in order to safely view PDFs until the fix is released in January.

Feel free to check out the updated advisory.

Don’t forget to follow us on Twitter at @hyphenet or “Like” us on Facebook to stay up-to-date on the latest tech news & PC security threats.

BBB Urges Parents to Inspect 'Dear Santa' Websites

Dear SantaParents who intend on letting their kids send a letter to Santa Claus should make sure that their child’s information doesn’t end up in the wrong hands.

There are over 60 Santa-related websites offering kids the ability to send ol’ St. Nick a message, whether it’s by snail mail or email.  Some sites do it out of the kindness of their hearts (and Christmas spirit!), while others hope to cash in by charging fees upwards of $15.

While some of these sites may not pose a risk to a child’s privacy (or identity), it’s still critical that parents conduct a thorough review of whatever website they intend to let their child visit.

“Parents need to make sure the sites aren’t seeking to exploit their children,” Jim Camp, president & CEO of the Better Business Bureau warns, “Some sites may be preying on children’s innocence to obtain private information that can be used in identity theft or other schemes.”

As horrible as it is, child identity theft is a growing problem. According to the Carnegie Mellon Cylab report conducted back in April, children are targeted for identity theft 51 times more frequently than adults. Therefore, parents must take all the necessary precautions to protect their child’s identity.

To help protect your child’s privacy, the BBB urges parents to:

  • MistletoeCheck whether the website shares information with third parties, including advertisers, and whether the company publicly discloses the information or retains the information for any future purpose.

  • Determine that children are asked to share no more information than is reasonably necessary to participate in the activity — a first name and email address, for instance.

  • Limit the personal information children share with Santa and omit physical addresses. Children may be told that Santa already knows where all the children live.

  • Check sites for unwelcome content. Some sites are geared toward adults and may contain language or advertising that parents may not want children to see.

  • Click on hyperlinks in the website to assure that children don’t access inappropriate content.

Of course, it’s also recommended that you protect your PC from data stealing malware by running up-to-date antivirus software that offers real-time scanning.

Happy Holidays, folks!! :)

Follow us on Twitter at @hyphenet or “Like” us on Facebook to stay up-to-date on the latest tech news and PC security alerts.

Photo Credit: hvnly

Tuesday, December 13, 2011

$500 Amazon Gift Card Survey Scam Hits Facebook

Amazon seems to be the ‘it’ company for internet scammers, who have now launched a new survey scam using the online retailer’s name.
Amazon Gift Card Offer Spam Message
One Free Gift Card (limited time only)
Amazon is currently giving away gift cards to all facebook users. Click here to get one! http://

The scam offers a “free” $500 gift card to anyone that’s willing to share the scam with their peers and post a comment on the page to help the scammer build credibility for the offer.

Amazon Gift Cards Remaining

Of course, scammers are never satisfied with a measly share & comment!

Once you've completed step 1 and 2 on the initial landing page, you're redirected to another website that starts off slow by asking for your zip code.

Amazon Gift Card Scam The cybercriminals behind this scam don’t benefit profit from their little setup until you complete 13 “reward offers” and convince three friends to repeat your mistakes.

According to the terms & conditions  that make up for about a third of the page, “Completion of reward offers most often requires a purchase or filing a credit application and being accepted for a financial product such as a credit card or consumer loan. “

And to no surprise, “Failure to submit accurate registration information will result in loss of eligibility.”

How to deal with the $500 Amazon Gift Card Scam

If you’ve shared this scam:

  1. Remove the link from your Facebook wall by clicking the ‘x’ in the top right corner.

  2. Remove the history of your comment on the scam page from your Facebook wall.

  3. Warn your Facebook friends & family not to share this scam or complete any of the “reward offers” associated with it.

If you catch one of your Facebook friends sharing this scam:

  1. Let them know that it’s a scam and recommend that they follow the steps outlined above.

In addition to this new Facebook survey scam, cybercriminals are also using Amazon's brand in numerous spam campaigns that contain malicious file attachments, attempt to steal financial information, or link the recipients to dangerous websites that deliver malware.

Follow us on Twitter at @hyphenet or “Like” us on Facebook to stay up-to-date on the latest tech news and PC security alerts.

How to Spot a Fake (& Potentially Dangerous) Image Link

Computer BugA couple of warnings were posted yesterday, cautioning Facebook users to think twice about clicking on any image links shared via Facebook chat and wall posts as they may lead them to malware-laden websites.

Some of the phony image links were said to be spreading malware identified by Kaspersky antivirus as HEUR:Trojan-Downloader.Script.Generic.

Seeing how the Heur Trojan is known to unleash a world of digital hurt on PCs, like modifying system files, altering the settings for certain browsers, opening a backdoor to download additional malware and allow remote control of your PC, among other things, I think it's safe to say that you definitely don’t want to wind up with it on your computer.

So that's all fine & dandy that you've been warned, but how can you tell if the image link is real before it’s too late?

When malware dresses up as an innocuous link..

Let’s take a look at the malicious link provided in the alert posted on Facecrooks:

At first glance, the link above should throw up a red flag in the back of your mind. Typically an image link will end with “.jpg”, “.gif”, “.png”, or “.bmp” as those are the most commonly known file formats.

The sample provided above merely ends with a directory name, which is “img”. (Don’t confuse it with “.img” files, which are a disk image file type and was used by older Macs until it was replaced by the .DMG disk image format.)

When a specific file is not listed in a URL, the default page that is served is usually “index.html”, which in this case was rigged to deliver the Heur Trojan to the victim.

So, at the very least, make sure the URL ends with the proper file format before clicking.

But wait! Things may not always be what they seem..

Now, just because a link ends with the proper file format doesn’t mean that it’s safe.

The sample link provided in the warning posted on LookatVietnam shows us a sneaky trick cybercriminals use in order to make us think a link is safe.

Here’s the sample link they provided:

As you can see, this link has the potential of leading a lot of people to believe that it’s a harmless link pointing towards a .JPG file, which is a common image file format.

Sample Facebook ChatThe bad guy behind this malicious link used a URL parameter, “?4e8doj5-Picture-43.JPG “, in order to disguise the true file that users were being directed to. The real target of this link is the “dn2.php” page that’s in the ‘cache’ directory of the website. Again, the ‘dn2.php’ page was rigged to deliver the payload once it was visited by the victim.

Ahah! They're busted and your PC has been spared!

By closely inspecting links before clicking them, users can steer clear of malicious websites and in turn, reduce the chances of their computers being infected with malware.

In addition to exercising caution, users should always run antivirus software on their PC, keep system software up-to-date and avoid downloading any files attached to unsolicited emails.

Follow us on Twitter at @hyphenet or “Like” us on Facebook to stay up-to-date on the latest tech news and PC security alerts.

Photo Credit: Digital Magic Photography

Monday, December 12, 2011

Scammers Buy Misspelled Wikipedia Domains, Setup Survey Scams

Type URLs in carefully!Are you prone to making mistakes when typing URL’s into your browser?

If so, you may wind up visiting the spoofed version of the website that you were intending to visit.

Typosquatters snatch up misspelled versions of popular domain names in hopes of catching visitors that accidentally mistype the target website’s URL in their browser.

By setting up fraudulent websites that closely resemble their legitimate counterparts, cybercrooks hope to capture login information when victims attempt to access their accounts or obtain personal information from the end-user with the help of a survey scam.

Daniel Wesemann posted an example of a spoofed site configured to do the latter on the SANS Internet Storm Center blog this morning.

In his post, Wesemann warned that cybercriminals had nabbed several misspellings of Wikipedia and set the erroneous domains to all redirect to survey scams in order to harvest the sensitive details of anyone who happened to mistype their way to the booby-trapped domains.

The domains promoting survey scams include:






Like any other survey scam out there, victims are promised a hot commodity item, like an iPad 2 or a gift card to a popular retailer in exchange for their confidential information. However, hidden in the block of fine print at the bottom of the page are the conditions that you must accept, which in this case involves your personal information being shared with third-party companies that will be more than happy to send hoards of spam to you via email, snail mail and SMS.

This isn’t the first time that typosquatters have taken advantage of the sloppy typing of folks trying to visit a popular website. Just earlier this year, Twitter shut down the site,, which was using the Twitter brand and survey scams to finagle personal information out of unsuspecting visitors.

Do you double-check the address bar before entering sensitive information?

Follow us on Twitter at @hyphenet or “Like” us on Facebook to stay up-to-date on the latest tech news and PC security alerts.

Photo Credit: Marcie Casas

Buy of the Week: Register a new DOMAIN name for only 99¢!

This offer expired on December 16th, 2011.

DomainsDo you want your own domain name, like

Domain names can help businesses build credibility and make it easier for you to market or share your personal website.

Until December 6th, you can register a new domain name through Hyphenet for only 99¢! Call us at (619) 325-0990 to order.

Register a new domain name for only 99¢!

  • 1-year domain registration.

  • New domain registrations only, offer not valid for renewals.

  • Limit of 5 domains per person.

  • You can register .com, .net, .org, .biz, .info - among others!

Don't miss out on the chance to get your very own custom domain for only $0.99! Call (619) 325-0990 today!

Buy of the Week offer valid until December 16th, 2011.

Some restrictions may apply.

Photo Credit: ivanpw

This offer expired on December 16th, 2011.

Friday, December 9, 2011

The History of Text Messaging [INFOGRAPHIC]

Did you know SMS turned 19 recently?

Neil Papworth sent the first text message back on December 3rd, 1992. Papworth used his personal computer to send a cheerful (and 3-week early) “Merry Christmas” text message to the phone of Richard Jarvis.

Although the adoption seemed quite slow – with Americans only sending an average of 35 text messages per month by 2000 – we eventually blossomed into text-crazed fanatics that can’t resist sliding a text message in class, at work, or even while driving.

I mean, seriously, we’re so obsessed with texting that we hold text-messaging competitions that pay out RIDICULOUS amounts of money to the winners!

This infographic by Tatango beautifully illustrates how text messaging forever changed the way we communicate. [I know I'm not the only one who texts more than they call! ;)]


Don't forget to follow us @hyphenet on Twitter & liking us on Facebook! We share the latest tech news, PC security headlines and infographics we like.