Tuesday, October 30, 2012

Tale of a Man Who Bought Details of 1.1 Million Facebook Users for $5

Facebook SearchHow protective are you of your information?

Many of us share our contact information, current location and everyday thoughts on our Facebook profile without ever considering the possibility of that data ending up in the wrong hands.

Even more alarming is how easily said data can be collected and sold to anyone that’s willing to pay. The sales price doesn't have to be high, either.

As Bulgarian blogger and digital rights activist Bogomil Shopov recently discovered, a handy $5 can fetch the information tied to 1.1 million Facebook users.

According to his blog, Shopov purchased the list containing Facebook names, user IDs, email addresses, and vanity URLs from someone off Gigbucks for $5. In the description, the seller wrote that the data had been collected through Facebook apps, only included active users, and had great potential for anyone looking to offer a social media product or service. Spammers could also find this list useful, of course.

Shortly after making his purchase, Shopov was contacted by Facebook and instructed to send them the file, give them all the purchase details, disclose whether or not he’d shared it with anyone else, and promptly delete any copies he had. Oh, and don’t tell anyone what happened. We see how that went.

After conducting an investigation, Facebook determined that the information was collected by scraping public information and not through an app as the data seller claimed.

There was a bit of doubt that the information was scraped and not app-provided given that Shopov said that some of the email addresses he checked were not publicly displayed; however, it’s possible that the email addresses were visible at some point.

So what should we take from all of this? Well, if you’re a Facebook user, you should definitely:

  • Make sure your privacy settings are configured correctly (aka nothing is "public") to minimize the chances of your personal information being scraped from your profile.

  • Pay attention to what apps you install on your Facebook profile and ultimately give unlimited access to your information.


Failure to lock down your Facebook profile could lead to your data being sold, email address being added to a spammer's mailing list, or maybe even the loss of your job.

[via Forbes]

Don’t miss out on the latest tech news and computer security alerts! Follow us on Twitter at @hyphenet,  “Like” us on Facebook or add us to your circle on Google+.

Monday, October 29, 2012

Hurricane Sandy to Bring Strong Winds, Flooding Rains and... Internet Scams?

Hurricane Sandy PathHurricane Sandy is bringing a lot to the table: 90+mph winds, heavy rain, floods, and even a foot or three of snow in certain areas.

While those within the storm’s path have taken the necessary precautions to protect their family & homes, there are dangers that will pose danger to those who are far beyond the storm’s designated area.

“If the past repeats itself, Facebook postings, tweets, emails, and websites claiming to have exclusive video or pleading for donations for disaster relief efforts will appear shortly after the storm hits,” Deborah Salmi of Avast! Antivirus warned in a Monday blog post. “These messages often include malicious code that attempt to infect computers with viruses, spyware, or Trojan horses.”

It's true. Cybercriminals often use major news events – such as natural disasters or celebrity deaths – to lure users to malicious sites rigged with drive-by-downloads serving malware or phishing scams to steal personal/financial information.

The more tenacious scammers may even part-take in what’s referred to as “black-hat SEO” (search engine optimization) to help their booby-trapped websites appear near the top of search engine rankings.

Don't Fall Victim to Hurricane Sandy Scams


Users are advised to follow these tips to avoid falling for Hurricane Sandy internet scams:

  • Be wary of unsolicited emails that urge you to download files or click links to view pictures of the disaster area. There’s a pretty good chance that the attached file will contain malware and embedded links lead to malicious websites.

  • Do not respond to unsolicited emails asking for donations to relief efforts. If you want to make a donation to help those affected by Hurricane Sandy, go directly to the website of the charity you wish to donate to. You can also review BBB ratings to make sure you are contributing to a legitimate cause.

  • If you're making a donation online, always double-check the URL in your browser's address bar before supplying any personal or financial information.

  • Keep in mind that the majority of legitimate charity websites end in .org versus .com.

  • Use a URL expander to investigate shortened URLS before following them.

  • Proceed with caution when searching for disaster videos; cybercriminals often create fake video pages that ask you to download malware disguised as an Adobe Flash plugin/update. (Hint: You can use the Adobe website to verify you have the latest version of Flash installed in your browser.)


Did we leave any tips off the list? Feel free to share your words of wisdom the comment section below.

Stay safe, everyone!

Update: Hurricane Sandy Spam Has Arrived!

Don’t miss out on the latest tech news and computer security alerts! Follow us on Twitter at @hyphenet,  “Like” us on Facebook or add us to your circle on Google+.

Thursday, October 25, 2012

Buy of the Week: Microsoft Windows 8 Pro (64-bit) for $142!

Windows 8 ProIt's Windows re-imagined and reinvented from a solid core of Windows 7 speed and reliability. It's a touch interface. It's a Windows for devices. And it's easy to try now - whether you're installing it for the first time, or moving from Windows 8 consumer preview.

Until November 2nd, 2012, you can order Windows 8 Pro (64-bit) from Hyphenet for only $142, plus shipping!

Specifications for Windows 8 Pro (64-bit)





























Operating SystemMicrosoft Windows 8 Pro
License TypeLicense and media
License Qty1 PC
License Details64-bit
LanguageEnglish
MediaDVD-ROM

Call (619) 325-0990 to order Windows 8 Pro (64-bit) today!


Buy of the Week offer valid through November 2nd, 2012.

Note: Shipping and taxes apply.

Need a different version of Windows 8? Contact us for pricing!

Looking for something else? Check out our monthly deals or contact us to get a quote on the product you're searching for.

Wednesday, October 24, 2012

Trojan Tags Along in "Your UPS Invoice is Ready" Spam

UPS LogoSpammers are once again sending out fake UPS notices in hopes of tricking recipients into downloading malware onto their computer.

The emails, titled “Your UPS Invoice is Ready” have spoofed headers to make it appear as though it came from a ups.com email address and urge the user to download the attached file to view and pay their new UPS invoice.

UPS Spam
From: UPSBilling (RosannahColleen4g@ups.com)
Subject: Your UPS Invoice is Ready

UPS

This is an automatically generated email. Please do not reply to this email address.

Dear UPS Customer,

New invoice(s) are available for the consolidated payment plan(s) / account(s) enrolled in the UPS Billing Center
Please view UPS Billing Center attach document to view and pay your invoice.

(c) 2012 United Parcel Service of America, Inc. UPS, the UPS brandmark, and the color brown are trademarks of United Parcel Service of America, Inc. All rights reserved.

For more information on UPS's privacy practices, refer to the UPS Privacy Policy.
Please do not reply directly to this e-mail. UPS will not receive any reply message.
For questions or comments, visit Contact UPS.

This communication contains proprietary information and may be confidential. If you are not the intended recipient, the reading, copying, disclosure or other use of the contents of this e-mail is strictly prohibited and you are instructed to please delete this e-mail immediately.

Don't be fooled, though. The attached file (“UPS document.zip”) contains a variant of the Win32/Injector.XYG Trojan, not a copy of your UPS invoice. So do NOT download or open it!

Instead, it is recommended that you:

  • Report the email to UPS by forwarding the email and its full headers to fraud@ups.com.

  • Delete the email immediately.


Don’t miss out on the latest tech news and computer security alerts! Follow us on Twitter at @hyphenet,  “Like” us on Facebook or add us to your circle on Google+.

Hackers Hit Barnes & Noble, Steal Credit Card Data

Barnes & NoblesIf you have recently made a purchase at Barnes & Nobles, you will want to closely monitor billing statements if you used a credit card or change your PIN number if you paid using debit.

Barnes & Noble announced on Wednesday that hackers had broken into PIN pad devices used in 63 of its stores, resulting in the theft of credit card information, debit card information and debit card PIN numbers for anyone that swiped their debit/credit card when making a purchase.

Purchased made online or through NOOK mobile apps were not affected by this breach, and Barnes & Nobles stated that their customer database is secure. The breach is limited to the single PIN pad device tampered with in each of the affected stores.

Barnes & Noble has been working with federal law enforcement authorities to investigate the breach, along with banks and payment card companies to identify any accounts that may have been compromised and beef up security to prevent fraud.

All PIN pad devices were disconnected following discovery of the breach on September 14th, and the company stated that customers can securely shop with credit cards through their cash registers.

Tampered devices were discovered at the following locations:



































































































































































































































































































































































































Store AddressCityStateZip
4735 Commons WayCalabasasCA91302
2470 Tuscany Street Suite 101CoronaCA92881
2015 Birch Road Suite 700Chula VistaCA91915
313 Corte Madera Town CenterCorte MaderaCA94925
5604 Bay StreetEmeryvilleCA94608
810 West Valley ParkwayEscondidoCA92025
1315 E. Gladstone StreetGlendoraCA91740
5183 Montclair Plaza LaneMontclairCA91763
894 Marsh St Bldg GSan Luis ObispoCA93401
2615 Vista WayOceansideCA92054
72-840 Highway 111 Suite 425Palm DesertCA92260
27460 West Lugonia AveRedlandsCA92374
1150 El Camino Real Space 277San BrunoCA94066
10775 Westview ParkwaySan DiegoCA92126
3600 Stevens Creek BlvdSan JoseCA95117
11 West Hillsdale Blvd.San MateoCA94403
9938 Mission Gorge RoadSanteeCA92071
40570 Winchester RdTemeculaCA92591
4820 Telephone RoadVenturaCA93003
1149 S. Main St.Walnut CreekCA94596
470 Universal Drive NorthNorth HavenCT06473
100 Greyrock Place Suite H009StamfordCT06901
60 Isham RoadW. HartfordCT06107
18711 NE Biscayne BlvdAventuraFL33180
333 N. Congress AvenueBoynton BeachFL33436
152 Miracle MileCoral GablesFL33134
1900 W International SpdwayDaytona BeachFL32114
2051 N. Federal HighwayFort LauderdaleFL33305
12405 N Kendall DriveMiamiFL33186
11380 Legacy AvePalm Beach GardensFL33410
14572 SW 5th St Suite 10140Pembroke PinesFL33027
11820 Pines BlvdPembroke PinesFL33026
5701 Sunset Drive Suite 196S. MiamiFL33143
700 Rosemary Ave Unit #104West Palm BeachFL33401
1441 West Webster AvenueChicagoIL60614
1130 North State StreetChicagoIL60610
5380 Route 14Crystal LakeIL60014
20600 North Rand RoadDeer ParkIL60010
728 North Waukegan RoadDeerfieldIL60015
1630 Sherman AvenueEvanstonIL60201
1468 Springhill Mall BlvdW. DundeeIL60118
170 Boylston StreetChestnut HillMA02467
96 Derby Street Suite 300HinghamMA02043
82 Providence HighwayEast WalpoleMA2032
395 Route 3 EastCliftonNJ07014
55 Parsonage RoadEdisonNJ08837
2134 State Highway 35HolmdelNJ07733
4831 US Hwy 9HowellNJ07731
23-80 Bell Blvd.BaysideNY11360
176-60 Union TurnpikeFresh MeadowsNY11366
1542 Northern BlvdManhassetNY11030
160 E 54th Street (Citicorp)New YorkNY10022
2289 BroadwayNew YorkNY10024
33 East 17th Street (Union Square)New YorkNY10003
555 Fifth AveNew YorkNY10017
2245 Richmond AvenueStaten IslandNY10314
230 Main StWhite PlainsNY10601
97 Warren StreetNew YorkNY10007
100 West Bridge StreetHomesteadPA15120
800 Settlers Ridge Center DrivePittsburghPA15205
1311 West Main RoadMiddletonRI02842
371 Putnam Pike Suite 330SmithfieldRI02917
1350-B Bald Hill RdWarwickRI02886

Protect Your Account


If you have recently made a purchase at one of the affected stores, it is recommended that you:

  • Closely review your billing statements for any unauthorized charges.

  • Change the PIN number for your debit card if it was used during payment.

  • Immediately notify your bank if you notice any unauthorized purchased and/or withdrawls.


Additional information can be found on www.barnesandnobleinc.com or by calling 1-888-471-7809 (8AM – 8PM EST). The related press release can be seen here.

Don’t miss out on the latest tech news and computer security alerts! Follow us on Twitter at @hyphenet,  “Like” us on Facebook or add us to your circle on Google+.

Monday, October 22, 2012

Cybercriminals Use cPanel Spam to Phish for Website FTP Credentials

cPanelPop quiz!

Let’s say that you get an email saying that your cPanel account may have been compromised and you need to sign into your FTP account to initiate a “security check” on it.

The email says it’s from “cPanel Inc,” has the cPanel logo, has a link that leads you to believe it points to the cPanel website, and warns that your domain may be suspended if you fail to respond within 2 business days.

Check it out:

cPanel Phishing Email
Screenshot Credit: Barracuda Labs



From: cPanel Inc
Subject: Your Messages

cPanel

cPanel Message Center

Dear Customer

Due to our security upgrade to avoid multiple login and an unauthorized access to your online cPanel and FTP account we do require you to sign in your domain name and username and password for security check on your account and afterward we shall send a security code to your email as part of confirmation that your domain has now been properly verified and secured.

To process to confirm and verify your domain for this security check please click
http://www.cpanel.net/login
Failure to confirm your domain within 2 business days may lead to suspension of your domain if we observe any unauthorized login and may lead to total removal of the domain name from our system.

Cpanel Management

Now, should you:

  1. Follow the instructions, click the embedded link and login to your account.

  2. Open a browser window, manually access your website control panel and check for any security alerts.


If your answer was “A” then I have some bad news: you just fell for a phishing scam. Now would be a good time to change your website credentials, if you’re still able to.

What happened?


The link provided in the email leads to a (compromised) third-party website touting a fake cPanel login page.  Any credentials supplied will be sent off to the cybercriminals, and they can use that information to hijack your website and setup drive-by-downloads, phishing pages or whatever else their little black hear desires.

It is important to note that if something suspicious was going on with your account, you’d likely get an email from your web hosting company, not cPanel.

That being said, if you happen to receive an email like the one shown above, be sure that you mouseover any links to check the destination URL first, or skip any possibility of following a malicious link by manually typing in the web address you want to visit instead.

[via Barracuda Labs]

Don’t miss out on the latest tech news and computer security alerts! Follow us on Twitter at @hyphenet,  “Like” us on Facebook or add us to your circle on Google+.

Friday, October 19, 2012

Buy of the Week: HP Compaq 6005 Pro (SFF) for $590!

This offer expired on 10/26/12. Refer to top banner ad for active deals.

HP Compaq 6005 Pro SFFPacked with high performance features, the HP Compaq 6005 Pro Business PC is energy efficient and well equipped to go beyond meeting your daily business demands.

Until October 26th, 2012, you can order an HP Compaq 6005 Pro from Hyphenet for only $590, plus shipping!

Specifications for HP Compaq 6005 Pro (SFF)













































MFR#:A7L17UT#ABA
ProcessorAMD Athlon II X2 B26 / 3.2 GHz ( Dual-Core )
RAM4 GB DDR3
Hard Drive250 GB (7200 RPM)
Optical DriveDVD±RW (±R DL) / DVD-RAM
GraphicsATI Radeon HD 4200 shared video memory (UMA)
AudioIntegrated Stereo
NetworkingEthernet,
Fast Ethernet,
Gigabit Ethernet
Operating SystemMicrosoft Windows 7 Professional
Warranty3-Year On-site HP Warranty

Don't miss out on this Buy of the Week! Call (619) 325-0990 to order HP Compaq 6005 Pro (SFF) today!


Buy of the Week offer valid through October 26th, 2012.

Note: Shipping and taxes apply.

Looking for something else? Check out our monthly deals or contact us to get a quote on the product you're searching for.
This offer expired on 10/26/12. Refer to top banner ad for active deals.

Tuesday, October 16, 2012

What to Do When Your Twitter Account Has Been Compromised

Twitter bird is dead. Let’s say you’ve fallen for one of the many phishing scams that tend to circulate on Twitter and now followers are sending you messages asking why you’re tweeting about diet pills and sending them DM’s about how other people are spreading nasty rumors about them.

How do you stop the phantom tweets and get things back to normal?

  1. Change your Twitter account password ASAP. You can do this by clicking the little gear icon and selecting ‘Settings’. You will see the ‘Password’ option in the left-hand navigation menu. Enter your old password, create a new one (make sure it’s a strong one with upper/lowercase characters, numbers & symbols) and press ‘Save changes.’

  2. Review Apps that have access to your Twitter account. Assuming that you’ve just finished changing your password and you haven’t left the page, you can see the Apps connected to your Twitter account by clicking the ‘Apps’ link in the left-hand navigation. Carefully look over the listed Apps and hit the “Revoke access” button for any App that seems questionable.

  3. Check your browser for malicious plug-ins and/or extensions. Given that there have been sightings of rogue browser plugins capable of posting spam on Facebook walls it’s not all that farfetched to believe the same can be done with Twitter. Therefore, it may be worth your while to double-check that no malicious plugins/extensions have been installed on your browser.

  4. Scan your computer for malware. It’s a possibility that your Twitter account was compromised thanks to your computer being infected by a piece of malware prone to stealing login credentials. You know, like the Dorkbot worm that’s actively being spread via Skype? As they say, it’s better to be safe than sorry, so go ahead and do a full system scan with your antivirus program.

  5. Delete the garbage tweets. After you’ve taken the necessary steps to protect your own Twitter account, help out your fellow Twitter users by deleting any spam updates posted by the scammer/bot and post a warning to your followers about what transpired.


Try to be more careful in the future! And yes, that means no clicking suspicious links (at least not without investigating them first) or entering your Twitter login right after clicking a link.

Don’t miss out on the latest tech news and computer security alerts! Follow us on Twitter at @hyphenet,  “Like” us on Facebook or add us to your circle on Google+.

Monday, October 15, 2012

Cybercriminals Continue to Target Skype Users with Fake Voicemail Notices

SkypeApparently Skype users are a favorite target for cybercriminals.

There have already been reports of an evil IM campaign infecting machines with the Dorkbot worm, and sightings of fake Skype password change notification emails, but apparently cybercrooks weren’t willing to stop there.

Just to make sure they catch as many Skype users off-guard as possible, spammers have begun sending out bogus Skype voicemail notices too.

At first glance, the emails will appear authentic – spoofed headers, Skype logo, pretty blue text, and no obvious grammar mistakes.

Unlike the Skype password spam, which used a malicious file attachment as its attack method, the fraudulent Skype voicemail messages use tainted links that will take the user to a third-party website rigged with drive-by-downloads.
Subject: You have a new voicemail
From: Skype (noreply@alerts.skype.com)

This is an automated email, please don’t reply.

Hi there,

You have a new voicemail

Sign in to Skype to listen to the message.

If you no longer want to receive email alerts about new voicemails, unsubscribe now.

Talk soon,
The people at Skype

Therefore, if you happen to receive an email claiming that you have a new Skype voicemail, we strongly urge you to take a moment to mouseover email links to make sure they actually point to Skype domain before clicking on them. Otherwise, you could be headed right into a cyber-trap!

[via GFI ]

Friday, October 12, 2012

Buy of the Week: Keyscan KS810-P Imaging Keyboard for $98!

This offer expired on 10/19/12. See top banner ad for active deals.

Keyscan KS810-P Imaging KeyboardKS810 with enhanced functionalities scans variety of paper documents and 2"x3" smooth surface plastic cards up to 1mm thickness such as driver licenses, health insurance and ID cards.

Until October 19th, 2012, you can order an Keyscan KS810-P Imaging Keyboard from Hyphenet for only $98, plus shipping!

Specifications for Keyscan KS810-P Imaging Keyboard













































MFR#:KS810P
Device TypeWired Keyboard with Built-in Scanner
InterfaceUSB (2.0)
Features2-port Hi-Speed USB hub
Dimensions19.3 in x 7.9 in x 1.2 in
Media SizePaper/photos to 8.5" x 30"
Smooth plastic cards up to 2" x 3"
True-optical Resolution600 dpi
Output file formatsPDF, MS-Word, HTML, JPG, BMP, TIF
Compatible OSMicrosoft Windows XP SP2 or higher
WarrantyLimited 30-Day Keyscan Warranty

Don't miss out on this Buy of the Week! Call (619) 325-0990 to order Keyscan KS810-P Imaging Keyboard today!


Buy of the Week offer valid through October 19th, 2012.

Note: Shipping and taxes apply.

Looking for something else? Check out our monthly deals or contact us to get a quote on the product you're searching for.
This offer expired on 10/19/12. See top banner ad for active deals.

Thursday, October 11, 2012

Malware Attack Hides Behind Fake CNN Alerts Stating Romney Has 60% Voter Support

Election 2012 ButtonWhenever cybercriminals create a malware spam campaign, they often write messages that they know will tap into the emotional side of the recipient.

By doing this, they can yield the best click-through rates for any embedded links pointing to malicious websites and highest number of possible downloads for file attachments laced with malware.

And what better way is there to evoke emotion than to discuss the 2012 U.S. Presidential Election?

Therefore, consider this your fair warning to be on the lookout for fraudulent emails purporting to be from well-known news media outlets featuring eye-catching electional headlines like the one below. It could be a trap to infect your PC with malware.

CNN Malware Spam Screenshot Credit: Sophos



Subject: CNN Breaking News – Mitt Romney Almost President
From: CNN Breaking News (BreakingNews@mail.cnn.com)

CNN
Top Stories
U.S. World Business Sports Health Technology Entertainment Features

TOP STORIES FROM CNN.COM
More than 60 percent of votes will be in favor of Mitt Romney.
Republican Party’s candidate is taking the lead in the race with the current President, the Democratic Party’s candidate, Barack Obama.
....

To no surprise, none of the links within the email go to CNN.com. Instead, they point to a third-party website housing the widely-used BlackHole exploit kit that will attempt to exploit system vulnerabilities in order to place malware on your machine.

According to Sophos, should BlackHole fail to find a vulnerability to take advantage of, it will resort to social engineering tactics by redirecting you to a page asking you to download a bogus Adobe Flash Player update.

Executing the fake Flash Player update will open your system up to even more trouble as it attempts to connect to various sites to download additional arbitrary files.

How Can I Protect My PC from Spam Malware Attacks?


Given that there was an up-tick in malicious spam activity around the 2008 election, we are offering the following tips to help you keep your computer safe during this year’s election:

  • Be sure to mouse-over email hyperlinks to check the true destination URL before clicking on them. This will help you determine if the email is legitimate or not, and will also help you figure out if you’re about to fall into a cyber-attack.

  • Never download a file attached to an unsolicited email. This is a popular method cybercriminals use to infect machines with malware. At the very least, make the effort of scanning the file before you download it.

  • Keep your operating system and installed software fully patched and up-to-date. This will close security holes & minimize the chances of a successful BlackHole exploit attack.

  • Always remain vigilant when checking your email and using the internet. Spammers often exploit the brands of reputable companies to launch malware attacks, so take the time to scrutinize every email to look out for possible red-flags.


Aside from that, we always make an effort to post about spam & malware attacks, so feel free to subscribe to our blog (see top right), follow us on Twitter (@hyphenet), like us on Facebook, or circle us on Google+ to informed about the latest computer security threats.

Dorkbot Worm Spreading via Skype Instant Messages

SkypeIf you use Skype to stay connected to family and friends, be careful that you do don’t fall for an ongoing malware attack that starts off with an instant message like the one below:

lol is this your new profile pic? http://goo.gl[REMOVED]?img=[USERNAME]

Upon clicking the link, users eventually land on a download page for a file named SKYPE_[TODAY’S DATE].zip, which contains a malicious executable (.exe) file that will install a variant of the Dorkbot worm on the victim’s computer.

Once Dorkbot has been successfully installed on a user’s PC, it will open a backdoor to grant an attacker remote control of the machine. The Dorkbot worm gives attackers the ability to recruit the computer into a botnet & part-take in DDoS attacks, steal login credentials for a variety of websites (Facebook, Twitter, Google, PayPal, Netflix, etc.), inject iFrames into webpages, or download additional malware.

There have been reports that Dorkbot infections may result in the user being locked out of their machine thanks to the worm’s tendency to select ransomware as its choice of additional malware to download. Upon installation, the ransomware will hold the computer hostage until the user forks over a $200 fee.

Given that messages spreading the Dorkbot worm can come from friends on your Skype contact list and not necessarily random strangers, users are urged to remain vigilant when following any links that have been shared with them.

Tips to Keep Your PC Dorkbot-Free



  1. Exercise caution when following shortened links shared via Skype or social network websites. Here are some tips on how you can investigate urls before clicking on them.

  2. Do not download files from unknown or untrusted sources, and don’t forget to scan files before opening them.

  3. If you plug a removable storage device into your PC, be sure to scan it with your antivirus software. Dorkbot – among other pieces of malware – are known to spread via USB thumb drives.

  4. Always run antivirus software & keep the virus definitions up-to-date.



Don’t miss out on the latest tech news and computer security alerts! Follow us on Twitter at @hyphenet,  “Like” us on Facebook or add us to your circle on Google+.

Wednesday, October 10, 2012

Can People Find You on Facebook By Searching for Your Phone Number?

Facebook SearchIt’s understandable that anyone who has added their phone number to their Facebook profile and adjusted the privacy setting to “Only me” would assume that the information would be kept private, right?

Well, technically that information is kept hidden. It’s not visible whenever someone clicks your profile and views your information; however, people can STILL FIND YOU by entering your phone number into Facebook’s search bar.

The issue lies with the fact that there’s another privacy setting that seems to overlap the phone number visibility setting under the Contact Info section of your Facebook profile.

The specific setting in question, “Who can look you up using the email address or phone number you provided?” can be found under the “How You Connect” section on the Privacy Settings page. Apparently it is set to “Everybody” by default.

Facebook "How You Connect" Settings

It is recommended that you select one of the other two options, “Friends” or “Friends of Friends” – unless, you know, you don’t mind people performing reverse phone number look-ups on you.

Have you entered your phone number to Facebook? Are you concerned about people searching your phone number on Facebook to find your profile?

[via Sophos]

Don’t miss out on the latest tech news and computer security alerts! Follow us on Twitter at @hyphenet,  “Like” us on Facebook or add us to your circle on Google+.

New Ransomware Variants Are Vocal About Their Demands

Ransomware!! Ahhh!!You know what would really suck?

If your computer was infected with ransomware that not only locked you out of your machine, but repeatedly blasted an audio file that states the reason why you’re locked out is because you violated some copyright laws & you’ll have to fork over some cash to regain access to your files.

Oh, wait.... that could totally happen.

For the past few months, cybercriminals have begun increasingly using ransomware to extort money out of unwitting end-users. Typically the user is just shown a message accusing them of anything from illegal file-sharing to viewing child pornography, denied access to use their computer for anything more than an oversized paperweight and instructed to pay a hefty “fine” to regain access.

According to TrendMicro researchers, new variants of ransomware add a “non-malicious” .MP3 file to the mix, which will undoubtedly drive users even more insane as it repeatedly informs them that their system is blocked because they violated federal laws and that they’ll have to pay a $200 fine to make it all go away.

TrendMicro detects the new threats as TROJ_RANSOM.CXB and TROJ_RANSOM.AAF. The message displayed to the end user is shown below:

.mp3-loaded ransomware messageScreenshot Credit: TrendMicro


Removing ransomware varies from infection to infection; it all depends on how the author configured the malware to lock you out.

Regardless how the ransomware operates, users are urged not to pay the cybercrook to have their PC “unlocked.” There’s no guarantee that the cybercriminal will follow through with their promise to unlock your machine, and 9/10 the payment method used eliminates any possibility of retrieving your funds in the event that they don’t keep their word.

Instead, do what you can to prevent the infection in the first place, and if your PC does wind up getting infected, you can either research the removal steps for the specific piece of ransomware on your machine, or take your computer to be repaired by a professional.

How to Keep Your PC Safe from Ransomware



  • Keep your operating system and installed third-party software patched and up-to-date.

  • Always run antivirus software that offers real-time scanning features, and be sure to keep the virus definitions current.

  • If you don’t need or use it, consider removing Java from your computer.

  • Do not download files attached to emails from unknown or untrusted sources.

  • Always remain vigilant and investigate suspicious website links before clicking on them.


Photo Credit: Don Hankins

Don’t miss out on the latest tech news and computer security alerts! Follow us on Twitter at @hyphenet,  “Like” us on Facebook or add us to your circle on Google+.

Monday, October 8, 2012

Don't Fall for Delta Air Lines ‘Download Your Ticket’ Spam

Delta Air LinesDid you get an email inviting you to download and print a Delta Air Lines ticket that you don’t recall purchasing?

Don’t worry; you really don’t have a phantom ticket in your name and your credit card hasn’t been dinged for the price of the ticket.

Fact of the matter is, the email is a fake. It didn’t come from Delta Air Lines, but a spammer that is praying you download the attached file to infect your computer with the malware hiding inside.

Delta Air Lines



Subject: You can download your ticket #NR9318
From: Delta Air Lines (aa.support904@deltaa.com)

Order Notification,

ELECTRONIC TICKET NUMBER / EH161213460
SEAT / 34F/ZONE 3
DATE / TIME 9 AUGUST, 2012, 10:45 PM

ARRIVING / Minneapolis
FORM OF PAYMENT / XXXXXX
TOTAL PRICE / 283.28 USD
REF / EK.3658 ST / OK
BAG / 4PC

Please find your ticket attached.
To use your ticket you should print it.

Thank you for your attention.
Delta Air Lines.

According to a VirusTotal scan report, only 2/43 antivirus can detect the malware threat – Mal/BredoZp-B (Sophos) – contained within the  “Delta_A_Ticket_Print_Document_1896.zip” file attached to the email.

Therefore, if you receive an email similar to the one above, it is strongly recommended that you:

  • Do not download or open the attached file.

  • Delete the email immediately.


Don’t miss out on the latest tech news and computer security alerts! Follow us on Twitter at @hyphenet,  “Like” us on Facebook or add us to your circle on Google+.

Friday, October 5, 2012

Buy of the Week: APC Back-UPS Pro 1500 for $203!

This offer expired on 10/12/12. See top banner ad for active deals.

APC Back UPS Pro 1500The Back-UPS Pro provides abundant battery backup power, so you can work through medium and extended length power outages. It safeguards your equipment against damaging surges and spikes that travel along utility and data lines.

The Back-UPS Pro also features automatic voltage regulation (AVR), which instantly adjusts high and low voltages to safe levels, so you can work indefinitely during brownouts and overvoltages.

Until October 12th, 2012, you can order an APC Back-UPS Pro 1500 from Hyphenet for only $203, plus shipping!

Specifications for APC Back-UPS Pro 1500

















































MFR#:BR1500G
Device TypeUPS - external
Input VoltageAC 120 V
Output VoltageAC 120 V (50/60 Hz)
Power Capacity865 Watt / 1500 VA
Output Connectors5 x power NEMA 5-15 ( surge )
5 x power NEMA 5-15 ( UPS and surge )
BatteryLead acid
Battery Form FactorPlug-in module
Batteries Qty1
Run Time (Up to)3 min at full load
Warranty3-Year APC Warranty

Don't miss out on this Buy of the Week! Call (619) 325-0990 to order APC Back-UPS Pro 1500 today!


Buy of the Week offer valid through October 12th, 2012.

Note: Shipping and taxes apply.

Looking for something else? Check out our monthly deals or contact us to get a quote on the product you're searching for.
This offer expired on 10/12/12. See top banner ad for active deals.

How Strong is Your Password? [INFOGRAPHIC]

Security LockRarely does a day go by without seeing some article stressing the importance of using strong passwords, yet whenever word hits that there’s been another security breach involving passwords we discover that folks continue to use weak passwords like “123456”, “password”, or “abc13.”

Given the number of password-protected sites people use, it’s no real wonder why users resort to using weak passwords: they’re simply easier to remember. Unfortunately, a password that’s easy to remember can also be easy to crack.

PasswordGenie recently released an infographic that outlines recent password breaches, characteristics of weak passwords,  and timeframes on how long it can take to crack a password. Such information can prove very useful for those wishing to identify what exactly makes a password “weak,” and how to go about creating one that will be tough for cybercriminals to crack.

Check it out:

How Strong is Your Password? [INFOGRAPHIC]

Don’t miss out on the latest tech news and computer security alerts! Follow us on Twitter at @hyphenet,  “Like” us on Facebook or add us to your circle on Google+.

New Universal Man-in-the-Browser Attack Efficiently Captures Data in Real-Time

SpyTrusteer researchers have discovered a new “Universal Man-in-the-Browser” (uMitB) attack that is capable of stealing sensitive data entered into not just a single website, but all websites visited by the end-user in real-time.

Unlike traditional Man-in-the-Browser configurations, this new uMitB method “uses ‘generic’ real-time logic on the form submissions” to process the information immediately, allowing cyberthieves to quickly build a database of freshly-stolen information without having to parse the logs and extract the valuable details first.

Such efficiency could come in handy for cybercriminals that operate e-stores selling credit card information since card data stolen in real-time is far more valuable than “stale” information.

Trusteer did not give details as to how they came across this new attack method; however they did share a marketing video promoted by cybercriminals that demonstrates how the uMitB attack works.

As far as keeping data safe from (u)MitB attacks, users are urged to safeguard their machines against malware like ZeuS & SpyEye, both of which use MitB tactics to steal private information like credit card numbers or login credentials.

ZeuS, SpyEye & other MitB malware is often delivered via malicious email attachments, drive-by-downloads, therefore users can protect their PCs by:

  • Keeping their operating system and installed software fully patched & up-to-date.

  • Always running antivirus software and keeping the virus definitions current.

  • Exercising caution when following [shortened] links and checking email – no downloading files from unknown/untrusted sources!


Photo Credit: AJC1


[via Trusteer]

Don’t miss out on the latest tech news and computer security alerts! Follow us on Twitter at @hyphenet,  “Like” us on Facebook or add us to your circle on Google+.