Hacks Scams & Viruses

Website Security.

Wednesday 15th May 2013

Cyber-attacks can be politically motivated (and can be done to uphold a cause) or they can be criminal, disruptive cyber anarchy. Either way, does it matter?

Well, whilst the issue may matter, the attacks won’t – providing you have the correct “cyber protection” in place. Here are some recent threats and cases:

1) The disruption of the Bahrain Grand Prix to stop the race, because it was being held in a place of political turmoil. The plan was to remove the Grand Prix from the World Wide Web.

2) The attack on WordPress by a botnet of “tens of thousands” of individual computers, according to the server hosts. This attack began just after WordPress had strengthened its security with an optional two-step authentication log-in option. This botnet had more than 90,000 IP addresses, so that an “IP-limiting plugin” wasn’t going to be very effective as the botnet could try from a different IP [address] every second for 24 hours.

3) The case of the 21-year-old British hacker, recently found guilty of a long string of online crimes, including launching attacks on the websites of Oxford and Cambridge Universities. The attacks were relatively naïve and the disruption was fairly temporary. But the hacker had strongly claimed that his intent was to compromise the websites as part of a politically-motivated campaign. 

So, were these attacks genuinely politically motivated or criminal damage? On closer inspection, in the case of the Oxbridge hacker, the young man had already been found guilty of previous criminal activities including burglaries of computer equipment and harvesting 300 credit cards, which he sold to foreign criminals. Each case must be judged individually as to whether the attack was in pursuit of a political cause or for criminal purposes (at whatever level of expertise), but what remains a fact irrespective of intent is that the need for effective security is paramount.

As far as your website is concerned, the intent of potential hackers isn’t what matters. What matters is that the Dental Focus team will look after your website security and uptime. Indeed, if everyone was as committed to protecting security as we at Dental Focus are then hackers would have a much harder time. But of course, many are blissfully unaware of their vulnerability, and so for hackers, it’s simply a numbers game in which they try enough websites and eventually they’ll find a vulnerable one to exploit. But rest assured; Dental Focus will make sure that site isn’t yours!

The WordPress attack was called a ‘brute force’ attack – because it was based on guessing weak and commonly used account names and passwords.
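The point above about the botnet's 90,000 addresses can be made concrete. This is an added example, not code from Dental Focus or WordPress: it counts failed logins in a constructed log per source IP and per username. The thresholds, window, usernames and addresses are assumptions chosen for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=10)   # assumed look-back window
PER_IP_LIMIT = 5                 # assumed failures allowed per source IP
PER_ACCOUNT_LIMIT = 20           # assumed failures allowed per username


def constructed_failures(bot_ips=600):
    """Constructed sample log of failed logins: (time, source IP, username)."""
    start = datetime(2013, 1, 1, 9, 0, 0)
    events = []
    for i in range(bot_ips):
        # One guess per second, each from a different placeholder address.
        ip = f"10.0.{i // 250}.{i % 250 + 1}"
        events.append((start + timedelta(seconds=i), ip, "admin"))
    # An ordinary user mistyping a password twice from one address.
    events.append((start + timedelta(seconds=30), "192.0.2.10", "reception"))
    events.append((start + timedelta(seconds=45), "192.0.2.10", "reception"))
    return sorted(events)


def over_limit(events, field, limit):
    """Return the IPs or usernames with more than `limit` failures in WINDOW."""
    recent = defaultdict(deque)
    tripped = set()
    for when, ip, user in events:
        key = ip if field == "ip" else user
        times = recent[key]
        times.append(when)
        while when - times[0] > WINDOW:
            times.popleft()   # forget failures older than the window
        if len(times) > limit:
            tripped.add(key)
    return tripped


if __name__ == "__main__":
    log = constructed_failures()
    print("blocked by per-IP limit:     ", over_limit(log, "ip", PER_IP_LIMIT))
    print("blocked by per-account limit:", over_limit(log, "user", PER_ACCOUNT_LIMIT))
```

No single address ever reaches the per-IP limit, so that control blocks nothing, while counting failures per username flags the targeted account.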

To help deal with this, Dental Focus immediately took the following security measures:

– Updated passwords, to ensure each one met the requirements specified.

– Changed common and default account names (for example ‘Admin’) to something less likely to be in common use.

– Ensured we were using the most up to date WordPress version (and plug-ins).

Best wishes,

The Dental Focus team.

Beware Fraudulent Email Phishing Scams!

Wednesday 20th July 2011

Beware! There are so many fake websites out there that look and feel like the real McCoy. How do you keep safe from hackers and phishing scams?

You will receive scam emails from what looks like your bank (e.g. HSBC, RBS, Halifax, Lloyds, etc), PayPal, Google, Facebook, eBay, Amazon, your email provider and many other popular websites.


If you receive any email saying something along the lines of “Your email box is full and has been suspended – click here to reactivate.” then please, please do NOT click on the link and do NOT reply. Instead contact your email provider (if you’re our client then just call or email your project manager directly) to verify the authenticity of the email. Remember, we will never suspend your email…

I receive many fraudulent bulk emails linking to all sorts of phishing websites. Today, I received an email apparently “from” Google AdWords saying that they closed my account. See screenshot below!

[Screenshot: Google AdWords phishing scam email]

These fraudulent emails will have links to fake websites that are “phishing” for your login details. As soon as you try logging into the pirated website, you’ve given the scammers and hackers your username and password – and within hours, your account will be hacked!

These fraudulent websites have similar-looking www. domain names that cover typos or simply appear official. The fake emails will have the corporate logo and branding; the link text may read www.google.co.uk but in fact point to a slightly different URL such as http://www.google-XYZ.com or http://google.XYZ.com

Beware! The fake email and website will try to fool you by even linking to the genuine website itself for real info OR fake pages with genuine copy! But when you try to login, it won’t work – you’ll only be sending your personal details to hackers!

5 TIPS TO KEEP SAFE

1. If you want to be safe – always check the emails are personally identifying you by name.

2. If you hover over the link, the real destination URL will appear for you to analyze.

3. Instead of clicking an email link, Google for your desired website, e.g. go to http://www.google.co.uk and then search for HSBC, PayPal, Facebook, etc and click on the no.1 natural ranking website (not on the sponsored adverts).

4. If you think you’ve just given your details to a scam website then immediately find the real website, log in and change your password! Then contact the real company to notify them of the fraudulent website.

5. Forward the suspect email to your project manager at Dental Focus Web Design so we can check it out for you!

Krishan Joshi is “the Master” at Dental Focus Web Design.
