Technology

Techno Stuff

#FactCheck: Jollibee Spinwheelmania FB Giveaway – Scam or Legit?

Spread the love:

I say it’s a SCAM, and don’t ever click the link and refrain from sharing it. Unless Jollibee tells us it’s legit – stay away, better safe than sorry.

I recently received a number of Facebook messages from friends supposedly a referral link to a website giving out free meals from a popular Philippines fast food chain, Jollibee.

What bothers me is first, I never heard of any Jollibee promo announced on TV and social media. Second, after examining the URL ‘https://jollibee.spinwheelmania.com/landing/ph/all/jollibee/1/?pi=washare]’, this is redirected to another website ‘secoffers.com’.

Checking both spinwheelmania.com and secoffers.com – these two sites don’t have anything on its root page – it’s all blank.

Both sites are hosted on a server in Germany using same hosting company called Hertzner Online Gambh.

Everything seems to be normal except for one thing – ‘secoffers.com’has a known threat called “Phishing” when checking the url for security using safe site checker www.urlvoid.com.

What is “Phishing”?

Fortiguard.com (Fortiguard Labs – a global threat research and response) identifies secoffers.com with a Category: Phishing

Counterfeit web pages that duplicate legitimate business web pages for the purpose of eliciting financial, personal or other private information from the users.

This is the real danger of falling victim to shady giveaways just as this as it could be a form of luring people to click on links leading to sites which then install malware or virus to a user’s device and collect personal and business data or worse, lock them out of their devices and would then be asked to pay money so they can regain access or control (ransomware).

I would be glad to revise this post if this is legit. What’s suspect is why would Jollibee use a website which could potentially compromise its customers. And why there are no news or media adverts about it?

So be wary of gimmicks online – and as they say, think before you click.

Why Hacked Email Accounts Are So Dangerous

Spread the love:

Have you ever received a suspicious email from someone you know? It’s more common than most of us might imagine. That’s because when a hacker steals their victim’s email account, they use it to create more victims by sending out spam messages to users on the stolen account’s address book. It’s a major invasion of privacy, not to mention dangerous.

These messages frequently contain links to fake or “phishing” websites, which will be designed to resemble real websites but exist solely to either infect visitors with malware or pose as a location for people to “log in,” thereby unwittingly handing over their account info.

Naturally, some of those emails contain good old fashion infected files. As most of us live busy lives, downloading a file sent by a friend isn’t usually something we’d consider suspicious. But that’s exactly where it can start.

So how big is the problem and what can we do about it? Read on to find out.

The Infamous iCloud “Hack” and Phishing

If you recall 2014, you may remember reading about famous celebrities being “hacked” and having hundreds of their nude photos leaked onto the rest of the internet. Apple, apparently, was implicated in the incident because iCloud was where these photos were leaked.

But that’s only the face of the story. In reality, the iCloud “hacks” were actually the result of phishing emails targeted at celebrities. They exclaimed that there was a problem with their account and that they needed to submit their usernames and passwords. Amazingly, it worked.

Once the victims willingly handed over their logins, it was only a matter of time before their private information was exposed. Fortunately, this is one of the easier types of “hacks” to avoid in the email sphere.

Read any email that asks for information carefully: remember that companies never will ask for your username and password via email because they already have it! If you click a link in an email to visit a “login” page, check the URL address at the top of the page. It should be an exact match for the site. Facebook.com isn’t and will never be Facebook.login.com.

This brings up an important point about URLs; the part directly before the .com, .edu, .gov, or .net part is the actual host page. For instance:

  • com vs Google.search.com
  • google.com vs. google.scholar.com

The first one in each point above is still a part of “google.com,” whereas the second in each point come from an entirely different page. Learn to spot the differences; it can help avoid phishing.

Public WiFi Hacks

Another place people frequently get hacked is while using public, unsecured WiFi connections. They go to check their email and in the meantime, someone else connected to the network is infiltrating their device and stealing information.

The cost can get high quickly; stolen email accounts contain a laundry list of personal information about both the victim and people they know. Emails may contain information about other accounts, names, addresses, and proprietary information in the case of business emails. Considering the cost of identity theft—frequently in the thousands of dollars for individuals, not to mention the damage to credit—prevention is invaluable.

The best way to keep unsafe connections from being a source of hacks is to use a Virtual Private Network (VPN). A VPN is a service that encrypts your connection regardless of the source and allows you to surf the net without concern of your data being taken midstream. It does this by connecting you to a remote server—the medium between you and the rest of the net—so that you’re safe from attack and anonymous to boot.

The difficulty is finding the right provider, as there are many. This VPN review by Secure Thoughts is a good way to get started. In general, it’s best to seek a service that offers unlimited bandwidth and good customer service.

The Enemy Within; Outdated Software

So far, we’ve looked at how email accounts can be lost as a result of phishing attacks and unsafe internet connections, but there’s another vulnerability that puts just as much at risk.

Outdated apps and software present major security risks as vulnerabilities within old versions can be exploited by hackers to get into your systems and accounts. On the bright side, this is also the easiest problem to fix; just install updates! Automatic updates are rarely a bad thing, although you may need to ensure you have the data to spare for them (or just use WiFi with your now VPN secured connection).

The Consequences Are Dire

No matter how an email account ends up compromised—even if it’s because the password was old, reused, or just weak—the results can end up the same. Putting aside the obvious identity theft issues, reputation is another area that a lost email account can really become painful.

Whether the hacked account is your fault or not, it doesn’t change the perception that recipients of your tainted emails may have of you after the fact. Business contacts are less likely to trust you and contacts will likely screen your future emails more carefully.

Keep in mind that hacked accounts often end up hacked a second time later on. Clever hackers may leave themselves a backdoor into your account or set up forwarding of your mail to intercept future communications.

So don’t let it happen; be on the offensive and look for threats actively. Use the above tools to your advantage so you don’t end up on the wrong side of a hacked email account. And share that information with your friends; be on the lookout for suspicious emails that may indicate someone on your contacts was hacked.

We’re all in this together; will you be ready? Tell us what your strategy will be in the comments!

About the Author: Cassie is a cybersecurity blogger and technology specialist. With the increase in cybercrime, she finds herself increasingly busy writing tips and guides on how to avoid becoming the next victim.

~

Are device cams a security concern?

Spread the love:

Fact or not, but web security and privacy experts are advising you to cover your device camera (laptops, mobile phones, tablets). Notable people do, like Mark Zuckerberg (yes, the Facebook guy), as reported in this article.

Perhaps the best way to convince you is to seek an answer to the following question: Can some people really spy on you through your laptop or smartphone camera?

The answer is a creepy YES! Tech experts like the guys at DigitalSpy.com believe its not only hackers who are interested in viewing your most private moments, but also some schools checking their students, and companies tracking its employees to see what they’re doing at any given time.

Scary right? With ransomware (a malware or malicious software) and voyeur sites getting more popular these days, you don’t want someone asking you money or else you’ll gonna see your naked butt posted on the web do you?

It is believed someone can take control of your laptop or smartphone camera through an injection of trojan virus or malware from bad websites and spam emails (phishing) that you may have clicked or opened. It is also widely known that several android devices, electronic chips, including internet routers manufactured in China have “backdoor” capabilities to remotely access and control these gadgets.

So if you’re not doing it yet, better start now! Go grab some tape and cover your device’s camera ASAP. Its better to be “overly” safe than sorry.

If you want to cover your laptop’s webcam or smartphone camera in style, you can browse some inexpensive webcam cover online, like this one from Amazon.com.

~

How to check if your email account is compromised, and fix it

Spread the love:

With the shocking news in September 22, 2016 that Yahoo finally admitted to a widespread data breach involving some 500 million user accounts, and the recent massive emails and data breach at Verifications.io it is time that everyone should take data and account security very seriously.

Most of our online accounts are registered using an email, and chances are, if you happen to use Yahoo email, that your account is one of those accounts breached.

“The account information may have included names, email addresses, telephone numbers, dates of birth, hashed passwords (the vast majority with bcrypt) and, in some cases, encrypted or unencrypted security questions and answers,” Yahoo said in an statement.

Yahoo have joined LinkedIn as well as Dropbox as of late in the list of popular websites which were compromised – probably with the biggest number of accounts stolen (estimated at 500 million). LinkedIn breach involved some 117 million accounts, while Dropbox had 68 million accounts and passwords leaked.

Just before the May 2016 Philippines Presidential elections, the COMELEC voters information website was also hacked with data on 55 million Filipino voters leaked publicly which included personal sensitive information such as biometric data and fingerprints, dates of birth, email addresses, family members’ names, genders, job titles, marital statuses, names, passport numbers, phone numbers, physical addresses and physical attributes. The breach however, only included 228,000 email addresses.

How can you check if your email account is breached, worse, is posted somewhere? Troy Hunt (@troyhunt), Microsoft Regional Director and MVP for Developer Security have developed a website which checks various online databases of leaked accounts.

HAVEIBEENPWNED.COM allows you to check your email account if it has been compromised in a data breach. It gives information the source of the data breach if your account happens to be part of a leak.

What to do if your email account is compromised? 

Securing your account should be a top priority. The below steps can help you start securing your accounts to prevent unscrupulous individuals to take advantage of your sensitive personal information and avoid credit card fraud, identity theft and other malicious and illegal activities.

  1. Change your password ASAP.
  2. Create a strong password, and should be unique for each account. It should be a mix of letters, numbers and symbols. Check here for a guideline in creating strong passwords.
  3. Never share your password to anyone.
  4. Change your passwords regularly.
  5. Setup 2-step verification of your email accounts. Popular email providers like Gmail and Yahoo have 2-step verification features to act as extra security protection. Every time you sign in from an unrecognized device or computer, you’ll be asked to enter the verification code that is sent to your mobile number.
  6. Maintain at least 2 emails. One email to be used for online accounts for social media, gaming, subscriptions and other public websites, while another email to be used only for private or personal purposes like online banking, credit card statements and other sites which require you to maintain sensitive personal information.
  7. Minimize if not avoid using public wifi to access your accounts associated with sensitive information.
  8. Be mindful of fake sites and other unsecured sites that may inject your computer or mobile devices with viruses and malware and can compromise not just your email account but your entire data.
  9. Do not open emails and attachments from unknown people or sources. Be mindful of social engineering tactics which are aimed to harvest sensitive personal information.
  10. If you are engaged in a business, or employed, never use your business or company email to create social media accounts and to subscribe to online newsletters and publications.

Data security should be everyone’s concern. Awareness is key to ensuring your accounts and sensitive personal information are safe. When you suspect that your account is compromised – follow the above steps.

~