Beware of GoDaddy Phishing Scheme

Written: September 9, 2019

Another quick alert to an email phishing scam just received today, because it actually looks pretty legitimate at first glance.

 

Official logo, proper phone number, but ah, that Customer ID is just my email. Scrolling down to see the rest of the email, it looks official enough.

Hovering the cursor over the Green button reveals an address not at all related to godaddy.com, so we know it’s a phishing scam.

 

Another way to tell that this email is not legit is to click on the From address and look for an address with a godaddy.com suffix:

So this phishing scam had all of the telltale signs of a fake:

Phishing scams lure you into clicking that link in the email, then you land on a bogus page that collects your real account identity. Be smarter than the identity thieves, and double-check all email before clicking any links.


Is your Password Safe Enough?

Written: August 30, 2019

We all have online accounts and the process of providing a username and password is quite commonplace, but exactly how strong is your password? Just today on LinkedIn I received a message from a confirmed contact that is also freelance, and it talked about an opportunity, but somehow the message didn’t look quite right to me:

 

LinkedIn Message

First of all, we know each other, but the wording sounded formal and unlike the person. Secondly, the link was going to something on Amazon Web Services and the page just didn’t look legit:

 

First Suspect Page

Finally, clicking the link to Open File brought me to yet another insecure page, that was phishing for my Microsoft credentials:

 

Microsoft Phishing

At this point I was 100% certain that this was a phishing scam, but how did that message get sent within LinkedIn in the first place?

I did a quick text message to my freelance contact and quickly confirmed that he did NOT send me a message on LinkedIn, rather a hacker had guessed his password and used his account to send out this message. My contact was able to change his LinkedIn password, thus securing control of his account and locking out the hacker.

Moral of the story? Well, if something in a LinkedIn message seems off, or not like the personality of your contact, then confirm before proceeding. When you confirm with your contact, use either email or text, not LinkedIn, because the hacker is logged into the victim’s account and will try to assure you that all is well, when in fact all is not well.


Email scam – Navy Federal Credit Union

Written: August 22, 2019

Hackers often send me phishing email messages in order to trick me into clicking a link and then trying to log in to their fake web page, stealing my login credentials in the process. So how do I keep safe from such attempts?

Just this morning I received an official-looking email, claiming to be from Navy Federal Credit Union.

Navy Federal Credit Union

This email has a beautiful layout, official logo, pleasant stock photo, even nice fonts, so at first glance it looks legitimate, but being suspicious I begin to notice the telltale signs of a phishing scam:

  1. Dear Member – a real company knows my first and last name, along with an account number. Both of those are missing.
  2. Grammar – try reading the first sentence, it’s totally disjointed, so English was not the first language of the hacker.

Clicking on the sender’s email address is always the defining identity test.

Navy email

OK, so even the sender’s email address is bogus, because shuttleplanet.com is not navyfederal.org. The final determination that this is a phishing scam is that pretty, Orange button that they really want me to click, so just hovering my cursor over it reveals that the link has nothing to do with navyfederal.org:

Navy link

There you have it: I know with 100% certainty that this is a phishing email, not a legitimate one. However, the sender was clever in making this email appear to be real with the use of a beautiful layout, nice fonts and an official logo. So be wary of email messages that invite you to click a button or click a link, because it just may send you to a hacker site that steals your login credentials instead.
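The two manual checks used in this post and in the GoDaddy post above (compare the sender's domain, and the address behind every button or link, against the company's real domain) can also be scripted. The Python below is an added example, not part of the original post; the sample message is constructed, and the link host login.example.net is a placeholder.

```python
import email
from email import policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample message, not the real email. shuttleplanet.com and
# navyfederal.org come from the post; login.example.net is a placeholder.
SAMPLE_EML = """\
From: Navy Federal Credit Union <alerts@shuttleplanet.com>
To: member@example.com
Subject: Account notice
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<html><body>
<p>Dear Member,</p>
<a href="https://login.example.net/navyfederal.org/signin">Sign In</a>
<a href="https://www.navyfederal.org/about">About us</a>
</body></html>
"""

class LinkCollector(HTMLParser):
    """Collects the href of every <a> tag, i.e. what hovering would reveal."""
    def __init__(self):
        super().__init__()
        self.hrefs = []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs.extend(v for k, v in attrs if k == "href" and v)

def in_domain(host, brand):
    """True only if host is the brand domain itself or a subdomain of it."""
    host = (host or "").lower().rstrip(".")
    return host == brand or host.endswith("." + brand)

def check_message(raw, brand):
    """Return the sender address, whether it is on-brand, and off-brand links."""
    msg = email.message_from_string(raw, policy=policy.default)
    sender = parseaddr(str(msg["From"]))[1]
    sender_ok = in_domain(sender.rpartition("@")[2], brand)
    body = msg.get_body(preferencelist=("html",))
    parser = LinkCollector()
    parser.feed(body.get_content() if body else "")
    bad = [h for h in parser.hrefs if not in_domain(urlsplit(h).hostname, brand)]
    return {"sender": sender, "sender_ok": sender_ok, "off_brand_links": bad}

if __name__ == "__main__":
    print(check_message(SAMPLE_EML, "navyfederal.org"))
```

Note that the comparison is on the host part of the link only, so a brand name placed in the path or used as a prefix of another domain does not pass.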


Reducing the amount of SPAM email sent from web contact forms

Written: August 7, 2019

My business clients love it when prospects or customers contact them through their web forms, which then send an email message. But what do you do when a malicious person has a bot that is visiting your contact pages and filling out bogus web forms?

Who wants to receive that many bogus email messages?

Our friends at Google have managed to figure out a way that auto-detects when a computer bot fills out your forms, instead of a human, and they call that technology reCAPTCHA. Best of all, this technology is free to use.

For my WordPress client web sites I typically use a plugin for forms called Contact Form 7, and it has a neat integration with Google reCAPTCHA. So, my first step is to browse to https://google.com/recaptcha/ and then add my client web site, which then generates two keys:

 

I just click the Copy Site Key, then over in WordPress I find Contact > Integration, then paste in the two values:

 

Once those two keys are installed, then I just browse the client site, and double check that the special Google icon appears in the lower-right corner of every web page, telling me that I’m protected from most SPAM fields.

 

When you hover the cursor over the Google icon, it expands to provide more information:

protected by reCAPTCHA

Try this approach, and see if it doesn’t cut down the amount of spam email messages being sent from your web site forms. My customers love it.
