Loading....

Facebook & Twitter Spam

Facebook spamAccording to thinq UK, Facebook was recently hit by the biggest wave of spam in its history.  What is Facebook spam?  You’ve probably clicked on one of the links that show up in the Feed.  You’ve seen them before – e.g. “OMG!  Look at what this babysitter did to this baby!” or “Guy takes a pic of his face everyday for 8 years!”  It grows exponentially.  One person clicks it, another person sees their friend clicked it (it shows up in the Feed) and so on and so on.

The thing with Facebook is, it’s a Website.  It makes no difference if you’re running a Mac, Windows or Ubuntu.  You could have the best, most-expensive antivirus software – it doesn’t matter.  With Websites, it’s all about trickery and deception.

The only defense against it is user awareness and thinking before clicking.

The bad guys know the keywords you’re searching for.  Take for example the recent Charlie Sheen activity.  Users click links to what appear to be stores about Charlie Sheen.  They’re then greeted with pop-ups asking them to install a malware remover.  This is actually malware trying to trick you into letting you install it.

Everyone should be aware that malware writers have become very adept at search engine optimization to ensure their malicious links get placed on top image results returned from Google searches.

With Facebook and Twitter, it’s so easy to quickly spread a link.  If someone isn’t paying attention or is “lured” in by a thrilling tag line, they end up getting scammed.  Just the other day, an inconspicuous link started appearing in the feed.  It was supposedly an article about how a guy took a picture of his face once per day for 8 years.  Seemingly harmless, right?  Well the link led to a fake YouTube site…

Fake YouTube

The most important point for consumers is to not agree to download or run any software they do not intend to install on their machines — and to not be scared or intimidated into doing so.

The one that everyone seems to fall for is the, “see who’s viewing your profile” scam.  That’s just it, it’s a scam.  Here’s a great article on TechCrunch that details the scam.  These used to show-up on MySpace and now they’re all over Twitter and Facebook.

So how do you stop it?  The Computer Peeps recommend Firefox with NoScript.  This will prevent any malicious Javascript (such as the ones launched in the Facebook feed) from being launched.

This isn’t something software absolutely prevent.  The key is, awareness.  Be aware that the bad guys know what you’re searching for.  Be aware that people spread links unintentionally.  Unless it’s a trusted news site or authority on the topic, watch what you click.  I’m sure it would be more exciting to have some geeky way around this but honestly, it really does come down to awareness.

To recap:

  • Think before you click.  Is that enticing headline truly what it appears to be?  Is it worth clicking on to find out?
  • Know that no software can protect you from social engineering.  Much like in life, it’s all about experience an knowledge.
  • Make sure Windows is up to date and getting the security patches that come out on an almost-daily basis.
  • Make sure you’re running ESET Nod32 antivirus.

Sources:

Blocking Websites from Employees

This is probably one of the topics I hear the most.  There’s always a huge toil as to whether or not to have Internet access at a resale store.  There are pros and cons.  In my professional experience, the pros far outweigh the cons – only if your system is configured by an experienced, competent, certified IT professional though. (like The Computer Peeps!!!)

Let’s first address some of the cons to having Internet access at your store:

  • Viruses
  • Employees abusing Internet privileges
  • Data Security

The pros to having Internet access at your store:

  • Technical support can be provided via the Internet
  • Updates can be easily installed (e.g. Windows, your consignment software, etc.)
  • You can integrate your consignment software with an online shopping cart
  • You can send emails from your consignment software
  • You can harness the power of sites such as eBay, Craig’s List, and yes, even Facebook

To get straight to the point, having Internet access can save you money.  How?  The Computer Peeps can manage and support your computers and network over the Internet.  Since local techs A) don’t know consignment software and how technology relates to it and B) tend to charge an arm and a leg, utilizing The Computer Peeps for your technology needs will save you money…and frustration.  So that’s one of my favorite reasons why your store could benefit from having Internet access.

But Dean, I don’t want my employees monkeying around on Facebook all day!

I hear that one all the time.  In my personal opinion, I think having an open, liberal employee policy will set the stage for mature, responsible employees.  I’m also not a complete moron and I know humans tend to take advantage whenever possible.  So there has to be a happy medium.

Restricting/blocking Internet access is easier than you think.  Don’t make the mistake of going with a product such as NetNanny.  I’m not trying to dog that company, but I’m an IT professional and I know the real way to get things done.  If you already have Internet access (especially if you have WiFi), you probably already have a router.Netgear Router A router serves a few purposes:

  • It allows you to share one Internet connection with multiple computers
  • Virtually all routers also function as a firewall
  • You can configure the router to block certain sites and/or keywords, based on a schedule

This is how IT professionals secure a network.  Since everyone isn’t an IT professional, software companies have developed programs (see: NetNanny) to try to help end-users secure their systems.  Think of it like this: you could either have a professional install a fancy alarm system in your car or you could try and do it yourself.  Since you probably don’t know all the details  as to how to install an alarm system, you’ll either end up taking shortcuts or finding some “cheap way” of doing so.

Would you renovate your kitchen by yourself, if you’ve never done it before?  Would you replace the brakes on your car by yourself?  Would you replace your roof by yourself?  Unfortunately, by having programs out there that attempt to replicate what an IT professional should handle, it leads to the illusion of, “oh, I can just do this myself.”  This is your business we’re talking about here.  Are you saying your business isn’t worth doing things the right way?

I know how you feel though.  There’s no one to turn to, there’s so much information out there…it’s almost like this stuff is complicated on purpose!  Well, it sort of is on purpose!  This is Information Technology!  🙂

So if you’re going to be online, you need a router – even if it’s a single computer, you need a router with a firewall inside.  Don’t let anyone tell you any different.  If you find someone that tells you differently, have them call us.

So most of your issues are already solved, just by having a router!

I love routers because they make it easy to create a single-point of security for your network.  This forces all of your computers to abide by the security and settings outlined in your router.  Plus, a router is a dedicated device as opposed to bogging your computer(s) down with programs.  Even worse, security programs are updated on a regular basis and this can lead to unexpected issues.  You just can’t afford to walk in one day, only to find your consignment software won’t open because a security program was updated.

Let’s take a closer look at the settings available in most routers.  Most routers have a Block Sites (or equivalent) option…

Netgear Block Sites

The problem is, most people don’t know how to “get to their router”.  Do you walk over to it and plug a keyboard into it?  Nope.  This is one of the first reasons why IT professionals should handle this sort of stuff.  At the end of this article, I’ve included the steps on how to get to your router.  I don’t want to overwhelm everyone with nerdy details though.  It’s not difficult to do, but most get two words into and fall asleep. It’s not so complicated that it requires hundreds of dollars spent on a tech or hours to configure.

So that knocks out the majority of the issues a resale store is concerned with – blocking Websites or certain types of Websites.

Another handy feature available in most routers, is the ability to block sites/keywords based on a schedule.  Instead of blocking Facebook completely, maybe you could let the employees access Facebook the first hour that you’re open…

After an hour (if you open at 11), it’s blocked for the remainder of the day! (if you close at 5)

The Block Sites feature in many routers also provides other settings that make this such a handy feature.  You can allow specific computers to have access – e.g. your computer.  You can also configure the router to email you activity, either when someone attempts to access a blocked site or a log file summary at the end of the day.

That still won’t stop someone with a smart phone – e.g. an Android device, iPhone, Blackberry, etc.  These devices connect via 3G and do not require a WiFi connection to browse the Web.  So you have to be ready to deal with a certain amount of “well, technology can’t fix everything!”  I’m of the philosophy that if you try to force people to do something, they might heed your warnings for a while, but it will eventually lead to dissension.  I don’t want to get on a philosophical rant here, but technology is not a policy maker.  Hiring smart, educated, respectable employees is something business owners have to deal with, with or without technology.  If you look at a company like Google (yes, I know we’re not all multi-billion dollar companies), you’ll see that a certain amount of freedom goes a long way.  There’s a smarter way to manage people, rather than just “shutting everything down”.  But I digress…

So, let’s recap:

  • You probably already own and utilize a router/firewall.  If you don’t, go buy one today.  If you need to know which to buy, just call The Computer Peeps.  Routers are very inexpensive, yet the yield a wealth of security and features that can help your business.
  • Routers can help you block specific sites or keywords
  • Routers can notify you if someone attempts to access a blocked site
  • You can allow specific computers – e.g. your own – and block/restrict others
  • Technology is a tool to help your business, it is not the end all, be all of policy though – that’s up to you.

There are a few other tricks to blocking sites, but they’re not absolute.  I don’t want to get too geeky, but I sort of have to on this one.  There is a “hosts” file that resides on Windows-based computers.  You can edit this file and manually block/redirect specific sites.  Most people don’t know about this file, which is good for you – it means employees won’t know how to edit the file.  People are getting savvier with PCs though, so if someone has a little bit of computer knowledge, they will know about the “hosts” file, thus, it can be defeated.  It’s free though and it’s a neat little trick.  You can also use a service such as OpenDNS.  Since the Internet works off of names (e.g. Facebook.com) resolving to IP addresses, you can use OpenDNS to block/redirect specific sites as well.  It’s a free service, which I love.  I think everyone should use OpenDNS for their name servers (sorry, geeky, I know) since it helps keep out phishing/malicious sites.  For the purpose of this article though, it’s a little fallible.  It requires that you log in to their site, add your network’s IP address, etc..  So it’s handy, but it’s not perfect.  I’ll discuss OpenDNS in a separate article.

++++++++++++++++++++++++++++++++++++++++++++++++++

Note:

At the beginning of this article, I said I’d show everyone how to log in to a router.  I just want to show that this is not some crazy geek thing, nor does it require hundreds of dollars to pay someone to figure this out.  It’s not for the faint of heart though, so if this is over your head, don’t feel left out.

  1. Click Start
  2. Click Run (or in Windows Vista or 7, just click in the “Search” field under the Start menu)
  3. Type cmd
  4. Click OK or press Enter on your keyboard.  You should now see a command prompt that looks similar to this…

    command prompt

  5. Type ipconfig /all and then press Enter (notice there’s a space after g and before /).  You should see a list of network information similar to this…

    ipconfig

  6. Scroll through the list of information and look for the Default Gateway line…

    Make note of the IP address for your Default Gateway.  In my example, it would be 174.164.1.1.

  7. Launch your Internet browser and type that IP address into the Address Bar (make sure you type it into the Address Bar, not a Bing, Google or some other “search” field.

    IP in Address Bar

  8. Once you click Go or Enter, you should be prompted to enter a user name and password…

    Router login

    Hopefully your router’s password has been changed from the default password it came with!!!

  9. Once you click OK, you’re logged in!

    Router management

That wasn’t too difficult, was it!?  I don’t expect everyone to run out and do this.  I just wanted to show that it’s possible, it isn’t difficult and if you already have a router, you have security settings you should be taking advantage of.

Facebook Safety 101

Ok, we *all use Facebook.  Something that makes Facebook unique (and MySpace started doing this toward the end too) is apps.  Facebook lets you install applications – e.g. Farmville (my personal fav).  Well, these apps are developed to utilize everything about your Facebook profile.  Facebook provides an API (Application Programming Interface).  This allows developers to write apps that can do anything to your Facebook profile – e.g. post to your feed, send messages to your friends, etc.

So what’s my point?  Don’t install any and every app you come across.  Some apps aren’t games or “surveys” – some are “give so and so a flower” or “send so and so a hug”.  The majority of these are traps.  They seem harmless – “oh, sure, I’ll send my friend a hug!”  Why would you need to install an app that “requires full access to your Facebook profile”?  It’s just not worth it.

Facebook App
Facebook App

So safety tip #1 – do not install apps on Facebook unless you KNOW who the software vendor is.  Games such as Farmville come from legitimate software developers.  These little “hug” or “flower” apps can be developed by pretty much anyone.  Is it worth it to send a hug, just to have your profile hacked?

The next way your Facebook profile can get hacked is via JavaScript.  I’m going to do my best to not get too geeky here, but we have to talk nerdy just a little.  JavaScript is plain text, embedded within Web pages.  It provides for more elegant Web design and can do far more than flat HTML can do.  Whether it’s fancy image transitions or actual data retrieval, JavaScript is a very powerful scripting language.  It can also control what your browser does – e.g. move your cursor, control windows (e.g. pop-ups), etc.  Well, the power behind Facebook is JavaScript.

The latest trend has been to send people links via private message/email.  You click on the link thinking it’s going to be a funny video, but it’s actually a malicious JavaScript on the offending site/host.  It then executes JavaScript that can penetrate your Facebook page and post whatever it wants to your feed.

That brings us to safety tip #2 – don’t click on links in messages or posts that you do not trust 100%.  It’s the oldest trick in the book.  “Hey, look at this” and then wham, you’ve been had.

How does one prevent this?  Well, JavaScript can only be stopped one way – stop it.  That’s why The Computer Peeps recommend Firefox as your Internet browser.  Firefox alone is not only one of the safest, fastest Internet browsers, it’s also ahead of its time.  All of the security measures Microsoft just got to today, Firefox had years ago.

Another benefit of using Firefox is add-ons.  These are plug-ins developed to enhance Firefox.  Just like Facebook, there are good apps and bad apps.  Because Firefox is open source and because everyone – good or bad – has access to the code, it makes for an extremely safe and stable product.  Seems odd doesn’t it?  It’s the beauty of community.  I don’t use a bunch of add-ons for Firefox simply because it just doesn’t need them.  There are a few that are worth their weight in gold though:

  • NoScript
  • AdBlock Plus
No Script and AdBlock
No Script and AdBlock

I have been using these for years and they are both lifesavers.  NoScript is the one we’re going to discuss in this post.  AdBlock is fantastic and helps block all ads embedded within a page – I’m sure ads are most-annoying to all of you reading this.  NoScript though is special.  It blocks all JavaScript from being executed.  Thus, if you visit a site that attempts to execute malicious JavaScript, it simply cannot execute it, period.

That can be a good and bad thing though.  You want certain sites to be able to execute JavaScript, such as Facebook.  What you DON’T want is for sites people link to on Facebook to be able to execute JavaScript.  After installing NoScript, the first time you visit a site such as Facebook, JavaScript will be disabled.  All you do is click the little icon and allow JavaScript on the site you trust.  Within a day or so, you will have visited all of your regularly visited sites – e.g. Facebook, Amazon, CNN, The Onion, etc.  Just “allow” each of those sites and you never have to do it again!

To me, it’s beyond worth it to “allow” a site rather than let it execute JavaScript that posts a naked girl dancing on my Facebook profile.  You tell me if it’s worth it.  😉

All of these products are free and easy to use.  To download Firefox, visit:

http://www.firefox.com/

.

Once you have Firefox installed, click Tools > Add-ons

Tools > Add-ons
Tools > Add-ons

Search for NoScript and install it.  Once that’s installed, search for AdBlock Plus and install it.  You’d be amazed what ESET Nod32 as your anti-virus and the above Firefox setup can do in the name of securing your computer.  Add to that, you don’t have to see annoying ads when you visit a site (and even ads can be a security issue if they lead you to another site).

If you need any assistance with the above, just call The Computer Peeps!

Back To Top