Tale of a Man Who Bought Details of 1.1 Million Facebook Users for $5

How protective are you of your information?

Many of us share our contact information, current location and everyday thoughts on our Facebook profile without ever considering the possibility of that data ending up in the wrong hands.

Even more alarming is how easily said data can be collected and sold to anyone that’s willing to pay. The sales price doesn't have to be high, either.

As Bulgarian blogger and digital rights activist Bogomil Shopov recently discovered, a handy $5 can fetch the information tied to 1.1 million Facebook users.

According to his blog, Shopov purchased the list containing Facebook names, user IDs, email addresses, and vanity URLs from someone off Gigbucks for $5. In the description, the seller wrote that the data had been collected through Facebook apps, only included active users, and had great potential for anyone looking to offer a social media product or service. Spammers could also find this list useful, of course.

Shortly after making his purchase, Shopov was contacted by Facebook and instructed to send them the file, give them all the purchase details, disclose whether or not he’d shared it with anyone else, and promptly delete any copies he had. Oh, and don’t tell anyone what happened. We see how that went.

After conducting an investigation, Facebook determined that the information was collected by scraping public information and not through an app as the data seller claimed.

There was a bit of doubt that the information was scraped and not app-provided given that Shopov said that some of the email addresses he checked were not publicly displayed; however, it’s possible that the email addresses were visible at some point.

So what should we take from all of this? Well, if you’re a Facebook user, you should definitely:

• Make sure your privacy settings are configured correctly (aka nothing is "public") to minimize the chances of your personal information being scraped from your profile.


• Pay attention to what apps you install on your Facebook profile and ultimately give unlimited access to your information.

Failure to lock down your Facebook profile could lead to your data being sold, email address being added to a spammer's mailing list, or maybe even the loss of your job.

[via Forbes]

Don’t miss out on the latest tech news and computer security alerts! Follow us on Twitter at @hyphenet,  “Like” us on Facebook or add us to your circle on Google+.

Hurricane Sandy to Bring Strong Winds, Flooding Rains and... Internet Scams?

Hurricane Sandy is bringing a lot to the table: 90+mph winds, heavy rain, floods, and even a foot or three of snow in certain areas.

While those within the storm’s path have taken the necessary precautions to protect their family & homes, there are dangers that will pose danger to those who are far beyond the storm’s designated area.

“If the past repeats itself, Facebook postings, tweets, emails, and websites claiming to have exclusive video or pleading for donations for disaster relief efforts will appear shortly after the storm hits,” Deborah Salmi of Avast! Antivirus warned in a Monday blog post. “These messages often include malicious code that attempt to infect computers with viruses, spyware, or Trojan horses.”

It's true. Cybercriminals often use major news events – such as natural disasters or celebrity deaths – to lure users to malicious sites rigged with drive-by-downloads serving malware or phishing scams to steal personal/financial information.

The more tenacious scammers may even part-take in what’s referred to as “black-hat SEO” (search engine optimization) to help their booby-trapped websites appear near the top of search engine rankings.

Don't Fall Victim to Hurricane Sandy Scams

Users are advised to follow these tips to avoid falling for Hurricane Sandy internet scams:

• Be wary of unsolicited emails that urge you to download files or click links to view pictures of the disaster area. There’s a pretty good chance that the attached file will contain malware and embedded links lead to malicious websites.


• Do not respond to unsolicited emails asking for donations to relief efforts. If you want to make a donation to help those affected by Hurricane Sandy, go directly to the website of the charity you wish to donate to. You can also review BBB ratings to make sure you are contributing to a legitimate cause.


• If you're making a donation online, always double-check the URL in your browser's address bar before supplying any personal or financial information.


• Keep in mind that the majority of legitimate charity websites end in .org versus .com.


• Use a URL expander to investigate shortened URLS before following them.


• Proceed with caution when searching for disaster videos; cybercriminals often create fake video pages that ask you to download malware disguised as an Adobe Flash plugin/update. (Hint: You can use the Adobe website to verify you have the latest version of Flash installed in your browser.)

Did we leave any tips off the list? Feel free to share your words of wisdom the comment section below.

Stay safe, everyone!

Update: Hurricane Sandy Spam Has Arrived!

Don’t miss out on the latest tech news and computer security alerts! Follow us on Twitter at @hyphenet,  “Like” us on Facebook or add us to your circle on Google+.

Buy of the Week: Microsoft Windows 8 Pro (64-bit) for $142!

It's Windows re-imagined and reinvented from a solid core of Windows 7 speed and reliability. It's a touch interface. It's a Windows for devices. And it's easy to try now - whether you're installing it for the first time, or moving from Windows 8 consumer preview.

Until November 2nd, 2012, you can order Windows 8 Pro (64-bit) from Hyphenet for only $142, plus shipping!

Specifications for Windows 8 Pro (64-bit)

Operating System	Microsoft Windows 8 Pro
License Type	License and media
License Qty	1 PC
License Details	64-bit
Language	English
Media	DVD-ROM

Call (619) 325-0990 to order Windows 8 Pro (64-bit) today!

Buy of the Week offer valid through November 2nd, 2012.

Note: Shipping and taxes apply.

Need a different version of Windows 8? Contact us for pricing!

Looking for something else? Check out our monthly deals or contact us to get a quote on the product you're searching for.

Trojan Tags Along in "Your UPS Invoice is Ready" Spam

Spammers are once again sending out fake UPS notices in hopes of tricking recipients into downloading malware onto their computer.

The emails, titled “Your UPS Invoice is Ready” have spoofed headers to make it appear as though it came from a ups.com email address and urge the user to download the attached file to view and pay their new UPS invoice.

From: UPSBilling (RosannahColleen4g@ups.com)
Subject: Your UPS Invoice is Ready

UPS

This is an automatically generated email. Please do not reply to this email address.

Dear UPS Customer,

New invoice(s) are available for the consolidated payment plan(s) / account(s) enrolled in the UPS Billing Center
Please view UPS Billing Center attach document to view and pay your invoice.

(c) 2012 United Parcel Service of America, Inc. UPS, the UPS brandmark, and the color brown are trademarks of United Parcel Service of America, Inc. All rights reserved.

For more information on UPS's privacy practices, refer to the UPS Privacy Policy.
Please do not reply directly to this e-mail. UPS will not receive any reply message.
For questions or comments, visit Contact UPS.

This communication contains proprietary information and may be confidential. If you are not the intended recipient, the reading, copying, disclosure or other use of the contents of this e-mail is strictly prohibited and you are instructed to please delete this e-mail immediately.

Don't be fooled, though. The attached file (“UPS document.zip”) contains a variant of the Win32/Injector.XYG Trojan, not a copy of your UPS invoice. So do NOT download or open it!

Instead, it is recommended that you:

• Report the email to UPS by forwarding the email and its full headers to fraud@ups.com.


• Delete the email immediately.

Don’t miss out on the latest tech news and computer security alerts! Follow us on Twitter at @hyphenet,  “Like” us on Facebook or add us to your circle on Google+.

Hackers Hit Barnes & Noble, Steal Credit Card Data

If you have recently made a purchase at Barnes & Nobles, you will want to closely monitor billing statements if you used a credit card or change your PIN number if you paid using debit.

Barnes & Noble announced on Wednesday that hackers had broken into PIN pad devices used in 63 of its stores, resulting in the theft of credit card information, debit card information and debit card PIN numbers for anyone that swiped their debit/credit card when making a purchase.

Purchased made online or through NOOK mobile apps were not affected by this breach, and Barnes & Nobles stated that their customer database is secure. The breach is limited to the single PIN pad device tampered with in each of the affected stores.

Barnes & Noble has been working with federal law enforcement authorities to investigate the breach, along with banks and payment card companies to identify any accounts that may have been compromised and beef up security to prevent fraud.

All PIN pad devices were disconnected following discovery of the breach on September 14^th, and the company stated that customers can securely shop with credit cards through their cash registers.

Tampered devices were discovered at the following locations:

Store Address	City	State	Zip
4735 Commons Way	Calabasas	CA	91302
2470 Tuscany Street Suite 101	Corona	CA	92881
2015 Birch Road Suite 700	Chula Vista	CA	91915
313 Corte Madera Town Center	Corte Madera	CA	94925
5604 Bay Street	Emeryville	CA	94608
810 West Valley Parkway	Escondido	CA	92025
1315 E. Gladstone Street	Glendora	CA	91740
5183 Montclair Plaza Lane	Montclair	CA	91763
894 Marsh St Bldg G	San Luis Obispo	CA	93401
2615 Vista Way	Oceanside	CA	92054
72-840 Highway 111 Suite 425	Palm Desert	CA	92260
27460 West Lugonia Ave	Redlands	CA	92374
1150 El Camino Real Space 277	San Bruno	CA	94066
10775 Westview Parkway	San Diego	CA	92126
3600 Stevens Creek Blvd	San Jose	CA	95117
11 West Hillsdale Blvd.	San Mateo	CA	94403
9938 Mission Gorge Road	Santee	CA	92071
40570 Winchester Rd	Temecula	CA	92591
4820 Telephone Road	Ventura	CA	93003
1149 S. Main St.	Walnut Creek	CA	94596
470 Universal Drive North	North Haven	CT	06473
100 Greyrock Place Suite H009	Stamford	CT	06901
60 Isham Road	W. Hartford	CT	06107
18711 NE Biscayne Blvd	Aventura	FL	33180
333 N. Congress Avenue	Boynton Beach	FL	33436
152 Miracle Mile	Coral Gables	FL	33134
1900 W International Spdway	Daytona Beach	FL	32114
2051 N. Federal Highway	Fort Lauderdale	FL	33305
12405 N Kendall Drive	Miami	FL	33186
11380 Legacy Ave	Palm Beach Gardens	FL	33410
14572 SW 5th St Suite 10140	Pembroke Pines	FL	33027
11820 Pines Blvd	Pembroke Pines	FL	33026
5701 Sunset Drive Suite 196	S. Miami	FL	33143
700 Rosemary Ave Unit #104	West Palm Beach	FL	33401
1441 West Webster Avenue	Chicago	IL	60614
1130 North State Street	Chicago	IL	60610
5380 Route 14	Crystal Lake	IL	60014
20600 North Rand Road	Deer Park	IL	60010
728 North Waukegan Road	Deerfield	IL	60015
1630 Sherman Avenue	Evanston	IL	60201
1468 Springhill Mall Blvd	W. Dundee	IL	60118
170 Boylston Street	Chestnut Hill	MA	02467
96 Derby Street Suite 300	Hingham	MA	02043
82 Providence Highway	East Walpole	MA	2032
395 Route 3 East	Clifton	NJ	07014
55 Parsonage Road	Edison	NJ	08837
2134 State Highway 35	Holmdel	NJ	07733
4831 US Hwy 9	Howell	NJ	07731
23-80 Bell Blvd.	Bayside	NY	11360
176-60 Union Turnpike	Fresh Meadows	NY	11366
1542 Northern Blvd	Manhasset	NY	11030
160 E 54th Street (Citicorp)	New York	NY	10022
2289 Broadway	New York	NY	10024
33 East 17th Street (Union Square)	New York	NY	10003
555 Fifth Ave	New York	NY	10017
2245 Richmond Avenue	Staten Island	NY	10314
230 Main St	White Plains	NY	10601
97 Warren Street	New York	NY	10007
100 West Bridge Street	Homestead	PA	15120
800 Settlers Ridge Center Drive	Pittsburgh	PA	15205
1311 West Main Road	Middleton	RI	02842
371 Putnam Pike Suite 330	Smithfield	RI	02917
1350-B Bald Hill Rd	Warwick	RI	02886

Protect Your Account

If you have recently made a purchase at one of the affected stores, it is recommended that you:

• Closely review your billing statements for any unauthorized charges.


• Change the PIN number for your debit card if it was used during payment.


• Immediately notify your bank if you notice any unauthorized purchased and/or withdrawls.

Additional information can be found on www.barnesandnobleinc.com or by calling 1-888-471-7809 (8AM – 8PM EST). The related press release can be seen here.

Don’t miss out on the latest tech news and computer security alerts! Follow us on Twitter at @hyphenet,  “Like” us on Facebook or add us to your circle on Google+.

Cybercriminals Use cPanel Spam to Phish for Website FTP Credentials

Pop quiz!

Let’s say that you get an email saying that your cPanel account may have been compromised and you need to sign into your FTP account to initiate a “security check” on it.

The email says it’s from “cPanel Inc,” has the cPanel logo, has a link that leads you to believe it points to the cPanel website, and warns that your domain may be suspended if you fail to respond within 2 business days.

Check it out:

Screenshot Credit: Barracuda Labs

From: cPanel Inc
Subject: Your Messages

cPanel

cPanel Message Center

Dear Customer

Due to our security upgrade to avoid multiple login and an unauthorized access to your online cPanel and FTP account we do require you to sign in your domain name and username and password for security check on your account and afterward we shall send a security code to your email as part of confirmation that your domain has now been properly verified and secured.

To process to confirm and verify your domain for this security check please click
http://www.cpanel.net/login
Failure to confirm your domain within 2 business days may lead to suspension of your domain if we observe any unauthorized login and may lead to total removal of the domain name from our system.

Cpanel Management

Now, should you:

1. Follow the instructions, click the embedded link and login to your account.


2. Open a browser window, manually access your website control panel and check for any security alerts.

If your answer was “A” then I have some bad news: you just fell for a phishing scam. Now would be a good time to change your website credentials, if you’re still able to.

What happened?

The link provided in the email leads to a (compromised) third-party website touting a fake cPanel login page.  Any credentials supplied will be sent off to the cybercriminals, and they can use that information to hijack your website and setup drive-by-downloads, phishing pages or whatever else their little black hear desires.

It is important to note that if something suspicious was going on with your account, you’d likely get an email from your web hosting company, not cPanel.

That being said, if you happen to receive an email like the one shown above, be sure that you mouseover any links to check the destination URL first, or skip any possibility of following a malicious link by manually typing in the web address you want to visit instead.

[via Barracuda Labs]

Don’t miss out on the latest tech news and computer security alerts! Follow us on Twitter at @hyphenet,  “Like” us on Facebook or add us to your circle on Google+.

Buy of the Week: HP Compaq 6005 Pro (SFF) for $590!

This offer expired on 10/26/12. Refer to top banner ad for active deals.

Packed with high performance features, the HP Compaq 6005 Pro Business PC is energy efficient and well equipped to go beyond meeting your daily business demands.

Until October 26th, 2012, you can order an HP Compaq 6005 Pro from Hyphenet for only $590, plus shipping!

Specifications for HP Compaq 6005 Pro (SFF)

MFR#:	A7L17UT#ABA
Processor	AMD Athlon II X2 B26 / 3.2 GHz ( Dual-Core )
RAM	4 GB DDR3
Hard Drive	250 GB (7200 RPM)
Optical Drive	DVD±RW (±R DL) / DVD-RAM
Graphics	ATI Radeon HD 4200 shared video memory (UMA)
Audio	Integrated Stereo
Networking	Ethernet, Fast Ethernet, Gigabit Ethernet
Operating System	Microsoft Windows 7 Professional
Warranty	3-Year On-site HP Warranty

Don't miss out on this Buy of the Week! Call (619) 325-0990 to order HP Compaq 6005 Pro (SFF) today!

Buy of the Week offer valid through October 26th, 2012.

Note: Shipping and taxes apply.

Looking for something else? Check out our monthly deals or contact us to get a quote on the product you're searching for.

This offer expired on 10/26/12. Refer to top banner ad for active deals.

What to Do When Your Twitter Account Has Been Compromised

Let’s say you’ve fallen for one of the many phishing scams that tend to circulate on Twitter and now followers are sending you messages asking why you’re tweeting about diet pills and sending them DM’s about how other people are spreading nasty rumors about them.

How do you stop the phantom tweets and get things back to normal?

1. Change your Twitter account password ASAP. You can do this by clicking the little gear icon and selecting ‘Settings’. You will see the ‘Password’ option in the left-hand navigation menu. Enter your old password, create a new one (make sure it’s a strong one with upper/lowercase characters, numbers & symbols) and press ‘Save changes.’


2. Review Apps that have access to your Twitter account. Assuming that you’ve just finished changing your password and you haven’t left the page, you can see the Apps connected to your Twitter account by clicking the ‘Apps’ link in the left-hand navigation. Carefully look over the listed Apps and hit the “Revoke access” button for any App that seems questionable.


3. Check your browser for malicious plug-ins and/or extensions. Given that there have been sightings of rogue browser plugins capable of posting spam on Facebook walls it’s not all that farfetched to believe the same can be done with Twitter. Therefore, it may be worth your while to double-check that no malicious plugins/extensions have been installed on your browser.


4. Scan your computer for malware. It’s a possibility that your Twitter account was compromised thanks to your computer being infected by a piece of malware prone to stealing login credentials. You know, like the Dorkbot worm that’s actively being spread via Skype? As they say, it’s better to be safe than sorry, so go ahead and do a full system scan with your antivirus program.


5. Delete the garbage tweets. After you’ve taken the necessary steps to protect your own Twitter account, help out your fellow Twitter users by deleting any spam updates posted by the scammer/bot and post a warning to your followers about what transpired.

Try to be more careful in the future! And yes, that means no clicking suspicious links (at least not without investigating them first) or entering your Twitter login right after clicking a link.

Don’t miss out on the latest tech news and computer security alerts! Follow us on Twitter at @hyphenet,  “Like” us on Facebook or add us to your circle on Google+.

Cybercriminals Continue to Target Skype Users with Fake Voicemail Notices

Apparently Skype users are a favorite target for cybercriminals.

There have already been reports of an evil IM campaign infecting machines with the Dorkbot worm, and sightings of fake Skype password change notification emails, but apparently cybercrooks weren’t willing to stop there.

Just to make sure they catch as many Skype users off-guard as possible, spammers have begun sending out bogus Skype voicemail notices too.

At first glance, the emails will appear authentic – spoofed headers, Skype logo, pretty blue text, and no obvious grammar mistakes.

Unlike the Skype password spam, which used a malicious file attachment as its attack method, the fraudulent Skype voicemail messages use tainted links that will take the user to a third-party website rigged with drive-by-downloads.

Subject: You have a new voicemail
From: Skype (noreply@alerts.skype.com)

This is an automated email, please don’t reply.

Hi there,

You have a new voicemail

Sign in to Skype to listen to the message.

If you no longer want to receive email alerts about new voicemails, unsubscribe now.

Talk soon,
The people at Skype

Therefore, if you happen to receive an email claiming that you have a new Skype voicemail, we strongly urge you to take a moment to mouseover email links to make sure they actually point to Skype domain before clicking on them. Otherwise, you could be headed right into a cyber-trap!

[via GFI ]

Buy of the Week: Keyscan KS810-P Imaging Keyboard for $98!

This offer expired on 10/19/12. See top banner ad for active deals.

KS810 with enhanced functionalities scans variety of paper documents and 2"x3" smooth surface plastic cards up to 1mm thickness such as driver licenses, health insurance and ID cards.

Until October 19th, 2012, you can order an Keyscan KS810-P Imaging Keyboard from Hyphenet for only $98, plus shipping!

Specifications for Keyscan KS810-P Imaging Keyboard

MFR#:	KS810P
Device Type	Wired Keyboard with Built-in Scanner
Interface	USB (2.0)
Features	2-port Hi-Speed USB hub
Dimensions	19.3 in x 7.9 in x 1.2 in
Media Size	Paper/photos to 8.5" x 30" Smooth plastic cards up to 2" x 3"
True-optical Resolution	600 dpi
Output file formats	PDF, MS-Word, HTML, JPG, BMP, TIF
Compatible OS	Microsoft Windows XP SP2 or higher
Warranty	Limited 30-Day Keyscan Warranty

Don't miss out on this Buy of the Week! Call (619) 325-0990 to order Keyscan KS810-P Imaging Keyboard today!

Buy of the Week offer valid through October 19th, 2012.

Note: Shipping and taxes apply.

Looking for something else? Check out our monthly deals or contact us to get a quote on the product you're searching for.

This offer expired on 10/19/12. See top banner ad for active deals.

Malware Attack Hides Behind Fake CNN Alerts Stating Romney Has 60% Voter Support

Whenever cybercriminals create a malware spam campaign, they often write messages that they know will tap into the emotional side of the recipient.

By doing this, they can yield the best click-through rates for any embedded links pointing to malicious websites and highest number of possible downloads for file attachments laced with malware.

And what better way is there to evoke emotion than to discuss the 2012 U.S. Presidential Election?

Therefore, consider this your fair warning to be on the lookout for fraudulent emails purporting to be from well-known news media outlets featuring eye-catching electional headlines like the one below. It could be a trap to infect your PC with malware.

Screenshot Credit: Sophos

Subject: CNN Breaking News – Mitt Romney Almost President
From: CNN Breaking News (BreakingNews@mail.cnn.com)

CNN
Top Stories
U.S. World Business Sports Health Technology Entertainment Features

TOP STORIES FROM CNN.COM
More than 60 percent of votes will be in favor of Mitt Romney.
Republican Party’s candidate is taking the lead in the race with the current President, the Democratic Party’s candidate, Barack Obama.
....

To no surprise, none of the links within the email go to CNN.com. Instead, they point to a third-party website housing the widely-used BlackHole exploit kit that will attempt to exploit system vulnerabilities in order to place malware on your machine.

According to Sophos, should BlackHole fail to find a vulnerability to take advantage of, it will resort to social engineering tactics by redirecting you to a page asking you to download a bogus Adobe Flash Player update.

Executing the fake Flash Player update will open your system up to even more trouble as it attempts to connect to various sites to download additional arbitrary files.

How Can I Protect My PC from Spam Malware Attacks?

Given that there was an up-tick in malicious spam activity around the 2008 election, we are offering the following tips to help you keep your computer safe during this year’s election:

• Be sure to mouse-over email hyperlinks to check the true destination URL before clicking on them. This will help you determine if the email is legitimate or not, and will also help you figure out if you’re about to fall into a cyber-attack.


• Never download a file attached to an unsolicited email. This is a popular method cybercriminals use to infect machines with malware. At the very least, make the effort of scanning the file before you download it.


• Keep your operating system and installed software fully patched and up-to-date. This will close security holes & minimize the chances of a successful BlackHole exploit attack.


• Always remain vigilant when checking your email and using the internet. Spammers often exploit the brands of reputable companies to launch malware attacks, so take the time to scrutinize every email to look out for possible red-flags.

Aside from that, we always make an effort to post about spam & malware attacks, so feel free to subscribe to our blog (see top right), follow us on Twitter (@hyphenet), like us on Facebook, or circle us on Google+ to informed about the latest computer security threats.

Dorkbot Worm Spreading via Skype Instant Messages

If you use Skype to stay connected to family and friends, be careful that you do don’t fall for an ongoing malware attack that starts off with an instant message like the one below:

lol is this your new profile pic? http://goo.gl[REMOVED]?img=[USERNAME]

Upon clicking the link, users eventually land on a download page for a file named SKYPE_[TODAY’S DATE].zip, which contains a malicious executable (.exe) file that will install a variant of the Dorkbot worm on the victim’s computer.

Once Dorkbot has been successfully installed on a user’s PC, it will open a backdoor to grant an attacker remote control of the machine. The Dorkbot worm gives attackers the ability to recruit the computer into a botnet & part-take in DDoS attacks, steal login credentials for a variety of websites (Facebook, Twitter, Google, PayPal, Netflix, etc.), inject iFrames into webpages, or download additional malware.

There have been reports that Dorkbot infections may result in the user being locked out of their machine thanks to the worm’s tendency to select ransomware as its choice of additional malware to download. Upon installation, the ransomware will hold the computer hostage until the user forks over a $200 fee.

Given that messages spreading the Dorkbot worm can come from friends on your Skype contact list and not necessarily random strangers, users are urged to remain vigilant when following any links that have been shared with them.

Tips to Keep Your PC Dorkbot-Free

1. Exercise caution when following shortened links shared via Skype or social network websites. Here are some tips on how you can investigate urls before clicking on them.


2. Do not download files from unknown or untrusted sources, and don’t forget to scan files before opening them.


3. If you plug a removable storage device into your PC, be sure to scan it with your antivirus software. Dorkbot – among other pieces of malware – are known to spread via USB thumb drives.


4. Always run antivirus software & keep the virus definitions up-to-date.

[via TrendMicro]

Don’t miss out on the latest tech news and computer security alerts! Follow us on Twitter at @hyphenet,  “Like” us on Facebook or add us to your circle on Google+.

Can People Find You on Facebook By Searching for Your Phone Number?

It’s understandable that anyone who has added their phone number to their Facebook profile and adjusted the privacy setting to “Only me” would assume that the information would be kept private, right?

Well, technically that information is kept hidden. It’s not visible whenever someone clicks your profile and views your information; however, people can STILL FIND YOU by entering your phone number into Facebook’s search bar.

The issue lies with the fact that there’s another privacy setting that seems to overlap the phone number visibility setting under the Contact Info section of your Facebook profile.

The specific setting in question, “Who can look you up using the email address or phone number you provided?” can be found under the “How You Connect” section on the Privacy Settings page. Apparently it is set to “Everybody” by default.



It is recommended that you select one of the other two options, “Friends” or “Friends of Friends” – unless, you know, you don’t mind people performing reverse phone number look-ups on you.

Have you entered your phone number to Facebook? Are you concerned about people searching your phone number on Facebook to find your profile?

[via Sophos]

Don’t miss out on the latest tech news and computer security alerts! Follow us on Twitter at @hyphenet,  “Like” us on Facebook or add us to your circle on Google+.

New Ransomware Variants Are Vocal About Their Demands

You know what would really suck?

If your computer was infected with ransomware that not only locked you out of your machine, but repeatedly blasted an audio file that states the reason why you’re locked out is because you violated some copyright laws & you’ll have to fork over some cash to regain access to your files.

Oh, wait.... that could totally happen.

For the past few months, cybercriminals have begun increasingly using ransomware to extort money out of unwitting end-users. Typically the user is just shown a message accusing them of anything from illegal file-sharing to viewing child pornography, denied access to use their computer for anything more than an oversized paperweight and instructed to pay a hefty “fine” to regain access.

According to TrendMicro researchers, new variants of ransomware add a “non-malicious” .MP3 file to the mix, which will undoubtedly drive users even more insane as it repeatedly informs them that their system is blocked because they violated federal laws and that they’ll have to pay a $200 fine to make it all go away.

TrendMicro detects the new threats as TROJ_RANSOM.CXB and TROJ_RANSOM.AAF. The message displayed to the end user is shown below:

Screenshot Credit: TrendMicro

Removing ransomware varies from infection to infection; it all depends on how the author configured the malware to lock you out.

Regardless how the ransomware operates, users are urged not to pay the cybercrook to have their PC “unlocked.” There’s no guarantee that the cybercriminal will follow through with their promise to unlock your machine, and 9/10 the payment method used eliminates any possibility of retrieving your funds in the event that they don’t keep their word.

Instead, do what you can to prevent the infection in the first place, and if your PC does wind up getting infected, you can either research the removal steps for the specific piece of ransomware on your machine, or take your computer to be repaired by a professional.

How to Keep Your PC Safe from Ransomware

• Keep your operating system and installed third-party software patched and up-to-date.


• Always run antivirus software that offers real-time scanning features, and be sure to keep the virus definitions current.


• If you don’t need or use it, consider removing Java from your computer.


• Do not download files attached to emails from unknown or untrusted sources.


• Always remain vigilant and investigate suspicious website links before clicking on them.

Photo Credit: Don Hankins

Don’t miss out on the latest tech news and computer security alerts! Follow us on Twitter at @hyphenet,  “Like” us on Facebook or add us to your circle on Google+.

Don't Fall for Delta Air Lines ‘Download Your Ticket’ Spam

Did you get an email inviting you to download and print a Delta Air Lines ticket that you don’t recall purchasing?

Don’t worry; you really don’t have a phantom ticket in your name and your credit card hasn’t been dinged for the price of the ticket.

Fact of the matter is, the email is a fake. It didn’t come from Delta Air Lines, but a spammer that is praying you download the attached file to infect your computer with the malware hiding inside.

Subject: You can download your ticket #NR9318
From: Delta Air Lines (aa.support904@deltaa.com)

Order Notification,

ELECTRONIC TICKET NUMBER / EH161213460
SEAT / 34F/ZONE 3
DATE / TIME 9 AUGUST, 2012, 10:45 PM

ARRIVING / Minneapolis
FORM OF PAYMENT / XXXXXX
TOTAL PRICE / 283.28 USD
REF / EK.3658 ST / OK
BAG / 4PC

Please find your ticket attached.
To use your ticket you should print it.

Thank you for your attention.
Delta Air Lines.

According to a VirusTotal scan report, only 2/43 antivirus can detect the malware threat – Mal/BredoZp-B (Sophos) – contained within the  “Delta_A_Ticket_Print_Document_1896.zip” file attached to the email.

Therefore, if you receive an email similar to the one above, it is strongly recommended that you:

• Do not download or open the attached file.


• Delete the email immediately.

Don’t miss out on the latest tech news and computer security alerts! Follow us on Twitter at @hyphenet,  “Like” us on Facebook or add us to your circle on Google+.

Buy of the Week: APC Back-UPS Pro 1500 for $203!

This offer expired on 10/12/12. See top banner ad for active deals.

The Back-UPS Pro provides abundant battery backup power, so you can work through medium and extended length power outages. It safeguards your equipment against damaging surges and spikes that travel along utility and data lines.

The Back-UPS Pro also features automatic voltage regulation (AVR), which instantly adjusts high and low voltages to safe levels, so you can work indefinitely during brownouts and overvoltages.

Until October 12th, 2012, you can order an APC Back-UPS Pro 1500 from Hyphenet for only $203, plus shipping!

Specifications for APC Back-UPS Pro 1500

MFR#:	BR1500G
Device Type	UPS - external
Input Voltage	AC 120 V
Output Voltage	AC 120 V (50/60 Hz)
Power Capacity	865 Watt / 1500 VA
Output Connectors	5 x power NEMA 5-15 ( surge ) 5 x power NEMA 5-15 ( UPS and surge )
Battery	Lead acid
Battery Form Factor	Plug-in module
Batteries Qty	1
Run Time (Up to)	3 min at full load
Warranty	3-Year APC Warranty

Don't miss out on this Buy of the Week! Call (619) 325-0990 to order APC Back-UPS Pro 1500 today!

Buy of the Week offer valid through October 12th, 2012.

Note: Shipping and taxes apply.

Looking for something else? Check out our monthly deals or contact us to get a quote on the product you're searching for.

This offer expired on 10/12/12. See top banner ad for active deals.

How Strong is Your Password? [INFOGRAPHIC]

Rarely does a day go by without seeing some article stressing the importance of using strong passwords, yet whenever word hits that there’s been another security breach involving passwords we discover that folks continue to use weak passwords like “123456”, “password”, or “abc13.”

Given the number of password-protected sites people use, it’s no real wonder why users resort to using weak passwords: they’re simply easier to remember. Unfortunately, a password that’s easy to remember can also be easy to crack.

PasswordGenie recently released an infographic that outlines recent password breaches, characteristics of weak passwords,  and timeframes on how long it can take to crack a password. Such information can prove very useful for those wishing to identify what exactly makes a password “weak,” and how to go about creating one that will be tough for cybercriminals to crack.

Check it out:

Don’t miss out on the latest tech news and computer security alerts! Follow us on Twitter at @hyphenet,  “Like” us on Facebook or add us to your circle on Google+.

New Universal Man-in-the-Browser Attack Efficiently Captures Data in Real-Time

Trusteer researchers have discovered a new “Universal Man-in-the-Browser” (uMitB) attack that is capable of stealing sensitive data entered into not just a single website, but all websites visited by the end-user in real-time.

Unlike traditional Man-in-the-Browser configurations, this new uMitB method “uses ‘generic’ real-time logic on the form submissions” to process the information immediately, allowing cyberthieves to quickly build a database of freshly-stolen information without having to parse the logs and extract the valuable details first.

Such efficiency could come in handy for cybercriminals that operate e-stores selling credit card information since card data stolen in real-time is far more valuable than “stale” information.

Trusteer did not give details as to how they came across this new attack method; however they did share a marketing video promoted by cybercriminals that demonstrates how the uMitB attack works.

As far as keeping data safe from (u)MitB attacks, users are urged to safeguard their machines against malware like ZeuS & SpyEye, both of which use MitB tactics to steal private information like credit card numbers or login credentials.

ZeuS, SpyEye & other MitB malware is often delivered via malicious email attachments, drive-by-downloads, therefore users can protect their PCs by:

• Keeping their operating system and installed software fully patched & up-to-date.


• Always running antivirus software and keeping the virus definitions current.


• Exercising caution when following [shortened] links and checking email – no downloading files from unknown/untrusted sources!

Photo Credit: AJC1

[via Trusteer]

Don’t miss out on the latest tech news and computer security alerts! Follow us on Twitter at @hyphenet,  “Like” us on Facebook or add us to your circle on Google+.