Tame the FUD Factor!

Wednesday, February 7, 2018

Malvertising

Another geek portmanteau - malware and advertising: malvertising...

While bogus tech support / FBI warning pop-ups and pornados have been pretty much countered by browser security features, this method is a work around that would give most normal users consternation and worry.

For now, it appears to be Windows Chrome specific and odds are Google will deal with it quickly.

See this article from Malwarebytes (who discovered the malware) on how to deal with it. Just another reason to use an ad blocker and to never EVER click on any ads you see while browsing the web.

The Malwarebytes product has been around for years and is an excellent product. While I do not use it as my primary antivirus/PC security product, I do have it on a USB drive that I use to periodically check my system and clean-up friends computers that have problems.

Monday, February 5, 2018

Phishing, smishing, vishing... Using the web safely

All of these '...ishings' are just clever names for fraud. The primary difference is the communication method used but their goals are the same - to get someone to click on a link in an email, within a text message or believe the scammer on the phone and give them money and/or personal information.

No matter the media nor methodology used, the vast majority of these are sent 'in the blind' to thousands if not millions of people at the same time. Targeted attacks are rare and tend to be focused on 'high profile' individuals (politicians, entertainers, the very wealthy). Fortunately, the majority of us just get the run of the mill, generic spam - but that does not make them any less of a threat.

One of the more common and successful methods used is to make the message appear to come from a trusted and/or source known to you. For example:
  • an email from a friend or relative, claiming to be stranded in another country begging you to wire them money
  • a text message or social media post from a familiar or 'famous' name
  • a phone call from someone claiming to be with the IRS or other government authority threatening you with arrest if you don't immediately send money

The things they have in common:
  • they portend to be from someone you think you know, trust or fear (IRS)
  • a sense of urgency - you must do something IMMEDIATELY
Simply because you receive an email that has your mothers, childs, friends name and email address in the FROM line, does not mean it was actually sent by THEM. When you see these type of attacks the majority of the time the scammer has simply 'spoofed' the sender information. It is very easy to do, and fortunately, most major email providers (Gmail, MSN, etc) are pretty good at identifying and preventing the majority of these from getting through.  

The more difficult method to identify is when the scammer has gained access to your friends email account. They then send their phishing messages to everyone in their contacts list and only a close examination or a confirmation phone call will reveal that it is a fraud.

What can you do to limit your exposure to these types of fraud?

  • Don't click on ANY links, especially for any of your financial sites. Instead, open your browser and type in the web address to login, or use LastPass to do this for you.
  • If you feel you *must* click on a link, then teach yourself how to examine a link to verify it is legit. You can also use Google to examine the link for you. While not 100%, it is a quick, easy and free way to filter out many of them.
  • There are also some antivirus products that have a safe browsing feature as part of their product offering. The one I use and recommend: Webroot  You can purchase a 3 device license for 1 year for under $25 from Amazon.
If you want to learn more about the most common web/internet scams and how to identify them see this article, or simply search for: 'How to identify phishing email'.

But wait! In this article you say not to click on ANY links, but you have links throughout your blog. That is true, but if you are not sure you can trust them - you should not click on those either. When in doubt, don't click.

Thursday, February 1, 2018

Managing the Failure Points

Over the years (decades), I have been asked for tips on starting a business to the perfunctory cocktail question of 'What do you do'. To both, the answer is the same I manage failure points.

That tends to end most casual cocktail conversation with an odd stare (which is fine by me), but with a little explanation, I feel it's an accurate description of not only managing a business, but of most processes in life.

There are three steps to this methodology:

Identification - first and foremost you must be able to identify what is most likely to go wrong and which of those you can actually prevent, control and/or mitigate.

Preparation - what is the likelihood and order of occurrence of the failure points. What can you do to either lessen their probability or limit their damage?

Mitigation - once they do occur, how do you handle them.

Those problems that are highly unlikely/improbable or you can do little to control, even if they could be catastrophic, should not be your focus. Many times, it's the 'little things' that do you in, but because they seem minor at the time, we tend to push them off for later. Like the parable of slowly boiling a frog - [ if you put a frog in a pan of water and increase the temperature slowly, they get complacent, even doze off in the warm water, until it's too late ], a small problem ignored today can grow to one that cripples you tomorrow.

This practice also helps you maintain perspective. Anything we try to accomplish in life has hurdles to overcome. Some barely stretch our legs, others smack us square in the groin. Being comfortable with the number, size and type of hurdles you are likely to encounter and knowing ahead of time how you will tackle them, helps instill confidence and the conviction that you are doing the right things. While fear is the strongest of human emotions, self-doubt is the most destructive.

When unexpected problems arise (just like no battle plan survives the first engagement, no plan of any complexity will either), be prepared to re-assess, re-adjust and re-focus.

Another part of this process is identifying the tipping points - more on this later.