DIY-PC-Recovery: August 2011

Don’t fall for the temptation to reuse passwords.

Otherwise, if a hacker manages to guess or steal one of your passwords, he could get access to many of your accounts. He could test your password at different sites, hoping that you use the same password for many or all of the different accounts you have set up. This is much easier to do than you might think.

You are probably much more careful with your PayPal and bank passwords than you are with say your email and social networking passwords. But, even if you are equally careful with all passwords, a site that suffers a data breach might accidentally leak one of your passwords. So if you use the same password across many sites, you are putting yourself at unnecessary risk.

It is not even enough to make minor variations.

Hackers test minor variations of stolen passwords, too. Don’t forget that most hackers are good programmers, and they can easily write computer programs that try large numbers of minor variations of a password – automatically. So just adding different digits to a core password is not enough.

Don’t fall for the temptation to reuse passwords.

It is not even enough to make minor variations.

Online security tips.

Use a current Web browser.

Avoid downloading programs from unknown sources.

Do not use your Social Security number as a username or password. Change your usernames and passwords regularly and use combinations of letters, numbers, and "special characters" such as "pound" (#) and "at" (@) signs. Do not use your online brokerage password as a password for other online accounts.

If your current Wells Fargo Advisors username or password is your Social Security number, change it by following these directions:

Click on the Customer Service tab.

Select Change Username or Change Password.

Protect your online passwords. Don't write them down or share them with anyone.

Protect your answers to security questions. Select questions and provide answers that are easy for you to remember but hard for anyone else to guess. Do not write down your security questions or answers or share them with anyone. If you have selected security questions on other websites, avoid using the same questions to protect your Wells Fargo Advisors online account. Please note that we will never ask you to provide answers to your security questions via email.

Use secure websites for transactions and shopping. Shop with merchants you know and trust. Make sure Internet purchases are secured with encryption to protect your account information. Look for "secure transaction" symbols like a lock symbol in the lower right-hand corner of your Web browser window or "https://…" in the address bar of the website. The "s" indicates "secured" and means the webpage uses encryption.

Always log off from any website after making a purchase with your credit or debit card. If you cannot log off, shut down your browser to prevent unauthorized access to your account information.

Close your browser when you're not using the internet.

Protecting your Google Account

Some tips to help keep your Google account safe:

Always sign out when you've finished reading your mail.

Only select Stay signed in if you're signing in from a personal computer.

Clear forms, passwords, cache and cookies in your browser on a regular basis - especially on a public computer.

Keep secrets! Never tell anyone your password or your secret question and answer; if you do tell someone, change it as soon as possible.

Choose a good password and security question and answer.

Do not write this information down anywhere

Never send this information by email

Never re-use your Google Accounts password for an account on another website

Periodically change your password and your security question and answer

Download the free Google Pack, which includes Mozilla's Firefox browser as well as anti-virus and anti-spyware utilities that can help to keep your computer safe.

Never give out your password after following a link sent to you in an email. Access the Google product directly by typing it's URL directly in browser's address bar.

How can I identify a phishing web site?

If you receive an email (or instant message) from someone you don't know directing you to sign in to a web site, be careful! You may have received a phishing email with links to a phishing web site. A phishing web site (sometimes called a "spoofed" site) tries to steal your account password or other confidential information by tricking you into believing you're on a legitimate web site. You can even land on a phishing site by mistyping a URL (web address).

Is that web site legitimate? Don't be fooled by a site that looks real. It's easy for phishers to create web sites that look like the genuine article, complete with the logos and other graphics of a trusted web site.
Important: If you're at all unsure about a web site, do not sign in. The safest thing to do is to close and then reopen your browser, and then type the URL into your browser's Address bar. Typing the correct URL is the best way to be sure you're not redirected to a spoofed site.
Phishers are becoming more and more sophisticated in designing their phony web sites. There's no surefire way to know if you're on a phishing site, but here's some hints that can help you distinguish a real web site from a phishing site.

Check the web address
Just because the address looks OK, don't assume you're on a legitimate site. Look in your browser's Address bar for these signs that you may be on a phishing site:

I
ncorrect company name.
Often the web address of a phishing site looks correct, but actually contains a common misspelling of the company name or a character or symbol before or after the company name. Look out for tricks such as substituting the number "1" for the letter "l" in a web address (for example, www.paypa1.com instead of www.paypal.com).
http:// at the start of the address on Yahoo! sign-in pages. Check the web site address for any Yahoo! sign-in page. A legitimate Yahoo! sign-in page address starts with "https://." Look for the letter "s" following "http."
Missing slash. To verify that you're on a legitimate Yahoo! site, make sure a forward slash (" / ") appears after "yahoo.com" in the Address bar -- like these examples:

For example, "http://www.yahoo.com:login&mode=secure" is a fake web site address.

Important: A legitimate Yahoo! sign-in page never starts with"http://geocities.yahoo.com." If you land on a GeoCities page with a Yahoo! sign-in box, report it as a phishing web site immediately.

Be leery of pop-ups
Be careful if you're sent to a web site that first displays a pop-up window asking you to enter your user name and password. Phishing scams may direct you to a legitimate web site, but then use a pop-up to gain your account information.

Give a fake password
If you not sure if a site is authentic, don't use your real password to sign in. If you enter a fake password and appear to be signed in, you're likely on a phishing site. Do not enter any more information; close your browser. Keep in mind, though, that some phishing sites automatically display an error message regardless of the password you enter. So, just because your fake password is rejected, don't assume the site is legitimate.

Look for your sign-in seal when you sign in to Yahoo!
A sign-in seal is a secret message or image that you select to display in your Yahoo! sign-in box to help protect your account from phishers. Because the sign-in seal is secret between your computer and Yahoo!, you can be sure you're on a legitimate Yahoo! site each time use that computer to sign in to Yahoo!. Just look for the custom text or image you set up. If it's not there, you might have landed on a phishing site. Creating a sign-in seal is fast and easy.

Other web sites, such as those for banks and other financial institutions, may offer a similar feature to help protect you against phishing scams.

Use a web browser with anti-phishing detection
Both Internet Explorer and Mozilla Firefox web browsers have free add-ons (or "plug-ins") that can help you detect phishing sites.

Be wary of other methods to identify a legitimate site
Some methods used to indicate a safe site can't always be trusted. A small unbroken key or locked padlock at the bottom of your browser is not a reliable indicator of a legitimate web site. Just because there's a key or lock and the security certificate looks authentic, don't assume the site is legitimate.

I learned to not trust URL’s that look real. They make look like the real website. However they are fake.

Phishing Example #1

http://secmetrix.com/ch4/web8/ch4-chase.gif

New Phishing E-mail Example #2

From: no_reply@emailonline.chase.com
Subject: Account Status

Dear Chase OnlineSM Customer,
Due to recent activity on your account, we have issued the following security requirements. For your security, we have temporarily prevented access to your account. Chase safeguards your account when there is a possibility that someone other than you tried to sign on. You may be getting this message because you signed in from a different location or device. If this is the case, your access may be restored when you return to your normal sign on method. For immediate access, you are required to follow the intruction below to confirm your account in order to secure your personal account informations.

Click To Confirm Your Account

Regards,Carter Franke
Chief Marketing Officer
CardMember Services

New Phishing E-mail Example #3

Subject: Security Check From Chase
From: Chase@emailinfo.chase.com
Date: Mon, 17 Jan 2011 16:43:56 -0500

Dear Valued JPMorgan Chase Customer,

Due to a recent security check on JPMorgan Chase online banking on 15th We require you to confirm your details and Re-activate your account

Re-activate now
Failure to do this within 24hrs will lead to access suspension
Sorry for the inconvienence

Regards
JPMorgan Chase Online Banking
Issued for USA use only | JPMorgan Chase Bank plc 2011

New Phishing E-mail Example #4

From: Chase Online
Sent: Mon, Jan 17, 2011 4:34 am
Subject: Account Maintenance

Dear client,
This is your official notification that the service(s) listed below will be deactivated and deleted if your profile is not verified immediately.
SERVICE: Chase Online and Bill Pay services.
EXPIRATION: January 20, 2011
What you need to do:

1. Log in to your account at www.Chase.com, by clicking the URL.
2. Enter your user ID and Password (that you selected during the online enrollment process).

Please do not reply to this message. For questions, please call Customer Service at the number on the back of your card. We are available 24 hours a day, 7 days a week.

Sincerely,

Carter Franke
Chief Marketing Officer

New Phishing E-mail Example #5

From: Chase Online
Subject: Message Alerts : Online Banking Deactivated
To:
Date: Monday, January 17, 2011, 2:36 PM

Chase Bank Online® Department Notice
You have received this email because you or someone had used your account from different locations.
For security purpose, we are required to open an investigation into this matter.

In order to safeguard your account, we require that you confirm your banking details.
To help speed up this process, please access the following link so we can complete the verification of your Chase Online® Banking Account registration information :
To get started, please click the link below:
https://chaseonline.chase.com/chaseonline/logon/sso_logon.jsp
Please Note:
If we do no receive the appropriate account verification within 48 hours, then we will assume this Chase Bank account is fraudulent and will be suspended. The purpose of this verification is to ensure that your bank account has not been fraudulently used and to combat the fraud from our community.

Regards,
Chase Bank - Chase Online® Banking Department

New Text Message Example #6

SMS Text Message from: jpmorgan@mail.tmail.com//Jpmorgan prepaid alert. call 212-924-4441

Please note the description provided is an indicator of the type of message, but may vary slightly in content and telephone number.

Security Advice
Fraudulent E-mail Examples
The following are examples of e-mail that customers have reported receiving. Please remember these are not legitimate messages and should not be responded to.

Reminder: Chase will never ask for your PIN or password over the telephone, by text message or by e-mail.

PLEASE NOTE: In addition to e-mail, criminals are now using pop-up windows to request your confidential information. See New Phishing Example #1 below.

New Phishing Example #1

New Phishing E-mail Example #2

New Phishing E-mail Example #3

Subject: Security Check From Chase
From: Chase@emailinfo.chase.com
Date: Mon, 17 Jan 2011 16:43:56 -0500

Dear Valued JPMorgan Chase Customer,

Due to a recent security check on JPMorgan Chase online banking on 15th We require you to confirm your details and Re-activate your account

Re-activate now

Failure to do this within 24hrs will lead to access suspension
Sorry for the inconvienence

Regards
JPMorgan Chase Online Banking
Issued for USA use only | JPMorgan Chase Bank plc 2011

New Phishing E-mail Example #4

New Phishing E-mail Example #5

New Text Message Example #6

New Phishing Example #1

New Phishing E-mail Example #2

New Phishing E-mail Example #3

Subject: Security Check From Chase
From: Chase@emailinfo.chase.com
Date: Mon, 17 Jan 2011 16:43:56 -0500

Dear Valued JPMorgan Chase Customer,

Due to a recent security check on JPMorgan Chase online banking on 15th We require you to confirm your details and Re-activate your account

Re-activate now

Failure to do this within 24hrs will lead to access suspension
Sorry for the inconvienence

Regards
JPMorgan Chase Online Banking
Issued for USA use only | JPMorgan Chase Bank plc 2011

New Phishing E-mail Example #4

New Phishing E-mail Example #5

New Text Message Example #6

DIY-PC-Recovery

PC Security Advice

What is Phishing, Facts You Should Know

Search This Blog

USMC Veteran's Blog -Semper-Fi

MY Blog