Archives for posts with tag: Graham Cluley

Phishing scams continue to proliferate. As Graham Cluley wrote in a recent article, one of the main reasons for this ongoing problem is that users keep clicking on links and/or attachments in emails and other documents. But Mr. Cluley also noted in that same blog that Google is taking a proactive step to help Gmail users avoid links and attachments meant to capture and/or infect the users’ iPhones and other devices (“Gmail now warns iOS users about suspicious links in fight against phishing threats”; August 14).

As Mr. Cluley wrote, Google just announced this new anti-phishing security check for Gmail. Now when a Gmail user on an iPhone or iPad clicks on a link that’s been detected to be suspicious, an alert reading “Suspicious link” will pop up on the screen. The user will be advised to confirm whether the link or attachment is valid. The very useful steps Gmail users should take when seeing such an alert are outlined in both Mr. Cluley’s blog and the Google announcement.

Gmail users should read Mr. Cluley’s blog and the Google announcement to familiarize themselves with these steps ahead of time. That way, they’ll be ready in case they ever see the “Suspicious link” alert.

Graham Cluley published an important alert for any consumer who uses the iOS app store. There are scammers who are using the app store website for various — and unfortunately, clever and successful — scams. In his “Hot for Security” blog article, Mr. Cluley cites the discoveries found by a security researcher (“Watch out! Scammers are making a fortune in the iOS App Store”, June 13th). I’m sharing the discovery so consumers will be ever more vigilant before buying something on that website.

Mr. Cluley included examples of several iOS app store scams but I’m just mentioning one in particular since it has such a safe sounding name. It’s an app called “Mobile protection: Clear & Security UPN.” As described in his blog, this app asks that consumers provide personal information such as contacts — an odd request certainly and one that should raise red flags. However, that concern might be allayed by the “free trial” opportunity to use this security app.

This is another entry in the scam category of  “if it sounds too good to be true, it is”. As the researcher dug into the app, he learned that it actually costs $99.99 for a 7-day trial and that it automatically renews. So any consumer who signs up for it could build up more and more charges before realizing what’s happening.

I urge everyone to read Mr. Cluley’s blog on these scams — don’t help the scammers get even richer.

Netflix users need to read David Bisson’s article about the credit card phishing scheme that’s been unearthed. His excellent article can be found on Graham Cluley’s website. That link is:

This is a “must read ASAP” for Netflix users so that their financial information isn’t captured and used by the scammers behind this latest phishing scheme.


I’ve written before about ransomware which is an especially vicious attack by thieves and scammers. They capture a consumer’s computer, infect it and then demand payment before the consumer can regain use and/or control of it. There are differing views on what a consumer should or shouldn’t do if she finds herself in this terrible situation.

Graham Cluley has posted an excellent article by David Bisson on what a consumer should and should not do when confronting a ransomware situation. I strongly encourage everyone to read Mr. Bisson’s article since he provides a well thought out approach which is helpful to know about before trying to undo this type of terrible dilemma. The article can be found on Mr. Cluley’s website at:

I hope no one ever needs this information but better to be educated about it than trying to figure it out when hit with a ransomware infection.

As was reported over the summer, Yahoo is investigating what appears to be a massive data breach. Graham Cluley posted an article today in which he said that, per a report by Recode, Yahoo might be making an announcement very soon about that investigation (“Yahoo ‘expected to confirm massive data breach’ says Recode”).

The hacker or hackers were rumored to have gained access to 200 million user accounts. In fact, Yahoo has been sending out emails to users urging them to change their passwords.

It’s always a smart move to change passwords and now that’s an even more timely reminder for Yahoo users.

I’ll keep everyone posted as more news emerges about this breach.

People still like sending postcards, which is the innovative service provided by the online service Touchnote. Registered users send digital photos to Touchnote, which then converts them into hard copy postcards that get sent to individuals designated by the registered user.

Touchnote learned on November 4th that it had been hacked. As reported by Graham Cluley, Touchnote sent an alert to its registered users warning them of the hack and strongly recommending that they change their Touchnote passwords (“Touchnote hacked – tells users to reset their passwords”; November 6).

Per the Touchnote email alert (reprinted in Mr. Cluley’s report),  hackers accessed users’ names, email and postal addresses, and their order histories.  Touchnote doesn’t store credit and debit card numbers, or their expiration dates or security codes.  Additionally, Touchnote encrypts users’ passwords and doesn’t reveal them in plain text. Nonetheless, Touchnote still strongly recommended that users pick new passwords.

Touchnote also recommended that users keep close tabs on their credit and debit card statements.  That and changing passwords is always sound advice when this kind of hacking occurs.

Here’s yet one more example of the “if it seems too good to be true, it is” type of scam. Graham Cluley recently wrote about this scam that’s been appearing on a bogus Facebook page (“No, British Airways isn’t giving away free flights for a year. It’s a Facebook scam.”; September 8th). Hopefully it will be removed soon by Facebook security staff.

This is an especially appealing scam right after Labor Day.  People are going back to work and might already be thinking about when they can next take a vacation.  This scam plays right into those feelings.  Mr. Cluley posted a screenshot of the fake Facebook page — it looks very realistic.

How to get the year of free flights? Mr. Cluley notes that the bogus website page says people can do so by sharing a photo of themselves. As Mr. Cluley wisely advises — don’t do it! He cautions that doing so could result in unwanted spam messages or “…dodgy links that could lead to a malware infection or your account being phished.”

So avoid this scam or any variations of it on Facebook or elsewhere.

I’ve written before about the Internet of Things (IoT) and some of the privacy and security issues that IoT raises.  Yes, there are some very helpful benefits from having so many of our devices inter-connected.

Yet there are security and privacy concerns that individuals need to keep in mind. The number of devices someone chooses to have connected will depend on her comfort level. Do you want your thermostat letting the power company know your daily routine, e.g., the daily times of your shower and your departure from home? Other issues are nicely outlined in an article by Omri Toppol that Graham Cluley has as a link on his newsletter (“What is the Internet of Things, and Why Should We Care about Its Security”; August 3rd).

The article by Omri provides several chilling examples of the dangers inherent in the IoT.  One example in the article is the 2010 hacking in Austin, Texas of over 100 cars which were remotely disabled.  The hacker or hackers disabled the cars by hacking into an online vehicle immobilization service.

I encourage people to read this article if for no other reason than to learn more about the IoT — what’s already happening, what could happen in the not too distant future — and then to be able to decide a personal comfort level.

Graham Cluley reports on a multi-national, multi-agency takedown of the Simda botnet that is thought to have infected around 770,000 PCs around the world (“A quick way to tell if your PC was infected by the Simda botnet”; April 14th).

Mr. Cluley’s article reports that Kaspersky has created an online test allowing individuals to see if their PC had been infected; the test checks the individual’s IP address against the database of infected IP addresses that the security experts had found.  How did these PCs get infected?  Mr. Cluley cites a Kaspersky blog that reports the Simda botnet initially got into the PCs through vulnerabilities that individuals hadn’t patched.  It could also have been inserted via fraud malware that got installed.

Just another reminder, Mr. Cluley urges, that individuals need to update operating systems and third-party software (e.g., Flash, Adobe Reader) with the most current security fixes.  He notes that doing so “…is an essential part of protecting your computer from attack and should be done alongside running up-to-date anti-virus software.”

Facebook users will want to know about, and use, the latest privacy control that’s just been announced and will start rolling out soon. This is a blue dinosaur that will pop up on users’ computer screens. The tool will help users review their current Facebook privacy settings and, if desired, make any updates or changes to those settings. It is a helpful way for Facebook users to be even more privacy proactive.

Graham Cluley’s done an article about this latest feature and includes screen shots of the blue dinosaur (“Facebook’s privacy dinosaur will check your settings for you”; September 6th). The screen shots provide users with the option either of using the feature or not; if selected, the review should take only about one to two minutes.

Mr. Cluley urges Facebook users to select the “Let’s Do It!” option since the relatively easy process allows Facebook users to be doubly sure that they are sharing their information with the people with whom they want to. As he notes, it will be easy for Facebook users to review both the people with whom they’re sharing information as well as any 3rd-party Facebook apps with which the user is connected. These reviews will allow Facebook users to confirm and/or refine these settings.

Using the new blue dinosaur is a way for Facebook users to augment their privacy.  But, as Mr. Cluley notes, Facebook users shouldn’t use the “Privacy Checkup” instead of, or as a substitute for, routinely doing their own checks and reviews of their Facebook privacy settings.